From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Halcrow Subject: Re: [Lsf-pc] [LSF/MM TOPIC] ext4 Encryption Update: Policies, File Names, and Integrity Date: Thu, 15 Jan 2015 11:09:13 -0800 Message-ID: <20150115190913.GB3353@google.com> References: <20150115184310.GA3353@google.com> <54B80D6B.8040400@oracle.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: lsf-pc@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org To: Sasha Levin Return-path: Received: from mail-yk0-f201.google.com ([209.85.160.201]:37142 "EHLO mail-yk0-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751240AbbAOTJP (ORCPT ); Thu, 15 Jan 2015 14:09:15 -0500 Received: by mail-yk0-f201.google.com with SMTP id 142so1144872ykq.0 for ; Thu, 15 Jan 2015 11:09:14 -0800 (PST) Content-Disposition: inline In-Reply-To: <54B80D6B.8040400@oracle.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Thu, Jan 15, 2015 at 01:56:43PM -0500, Sasha Levin wrote: > On 01/15/2015 01:43 PM, Michael Halcrow wrote: > > I previously presented on ext4 encryption at the 2014 Linux Security > > Summit: > > > > http://kernsec.org/wiki/index.php/Linux_Security_Summit_2014/Abstracts/Halcrow > > > > http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf > > > > Our first prototype implementation has been in Ted Ts'o's unstable git > > branch since November 2014. My team has made significant progress in > > the months since, developing encryption policy and file name > > encryption capabilities. We have completed the first major phase of > > development and are preparing a patchset to iterate on the prototype. > > > > I will present our approach at applying different encryption policies > > to different segments of the file system via a policy inheritance > > scheme. I will discuss how file-granular policies can sythesize > > multiple keys to cryptographically protect files. For example, both > > logon credentials and off-device keys can together preclude access. > > This work represents efforts by Ildar Muslukhov. > > > > I will also present the challenges involved in file name encryption on > > a multi-tenant system and will discuss novel solutions spearheaded by > > Uday Savagaonkar. This approach involves treating the user domain, > > HTree domain, and disk domains for the file names separately and > > applying different transformations depending upon whether or not the > > encryption keys for the file names are available. > > > > Finally, I will discuss what our future plans are with respect to > > encryption with integrity, which will include leveraging ext4 > > transactions to enforce cryptographic consistency while managing > > additional per-block authentication data. > > Are there any controversial topics that require a discussion here? It really > sounds like just a presentation about ext4 encryption. Yes, it's largely a presentation. I'd be very happy to see this topic rejected on the grounds that there's too little controversy.