Date:	Wed, 21 Mar 2012 18:10:18 +0200
From:	Artem Bityutskiy <dedekind1@...il.com>
To:	Joel Reardon <joel@...mbassador.com>
Cc:	linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [patch] Add design document for UBIFS secure deletion

On Mon, 2012-03-19 at 17:54 +0100, Joel Reardon wrote:
> Design document should be self explanatory.
> 
> Signed-off-by: Joel Reardon <reardonj@....ethz.ch>
> 
> ---
>  Documentation/filesystems/ubifsec.txt |  358 +++++++++++++++++++++++++++++++++
>  1 files changed, 358 insertions(+), 0 deletions(-)
>  create mode 100644 Documentation/filesystems/ubifsec.txt
> 
> diff --git a/Documentation/filesystems/ubifsec.txt b/Documentation/filesystems/ubifsec.txt
> new file mode 100644
> index 0000000..4eb41fb
> --- /dev/null
> +++ b/Documentation/filesystems/ubifsec.txt
> @@ -0,0 +1,357 @@
> +UBIFS Secure Deletion Enhancement
> +
> +Written by Joel Reardon <reardonj@....ethz.ch>
> +Last revised: 19.3.2012
> +
> +Introduction
> +============
> +UBIFSec provides efficient secure deletion for the flash file system UBIFS.
> +Trivial secure deletion by overwriting the deleted data does not work for
> +flash memory, as there is a large difference between the size of the I/O unit
> +(page) and the erasure unit (erase block).
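
Review bot: In the Introduction, the sentence starting "Trivial secure deletion by overwriting" gives only the page versus erase block size difference as the reason and leaves the reader to work out the consequence. Please state it directly: a flash page cannot be rewritten in place without erasing the whole erase block that contains it, so updates are written elsewhere and the old contents remain readable on the medium until that block is erased. Separately, the diffstat reports 358 insertions while the hunk header reads "+1,357"; the two should agree for a newly created file, so please regenerate the patch before resending.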

I think for correctness you should use the term "LEB" everywhere, not
"eraseblock".

>  UBIFSec encrypts each data node
> +with a distinct key and stores the keys colocated in a key storage area (KSA).
> +Secure deletion is achieved by atomically updating the (small) set of erase
> +blocks that constitute the KSA to remove keys corresponding to deleted data,
> +thereby deleting the data nodes they encrypted.
> +
> +Key Storage Area (KSA)
> +======================
> +UBIFSec uses a small migrating set of erase blocks to store all the data

"Migrating" set? To me it sounds like the KSA area changes its position
within the UBI volume. I'd suggest removing the word "migrating".

> +node's keys---this set is called the Key Storage Area (KSA). The KSA is
> +managed separately from the rest of the file system. In particular, it does
> +not behave like a log-structured file system: when a KSA erase block is
> +updated, its contents are written to a new erase block

s/to a new erase block/to a new KSA LEB/ ?

> , the logical reference
> +to the KSA block is updated, and the previous version of the KSA erase block

s/KSA block/KSA LEB/ ?

Also, it is not clear what the "logical reference" is - it would probably be
nice to introduce this notion before using it.

-- 
Best Regards,
Artem Bityutskiy
