Researching for proposals: trust and proactively-secure filesystems

Eric McCorkle eric at metricspace.net
Fri May 29 09:16:03 UTC 2020


On 5/28/20 1:07 PM, Chris wrote:

> I think it's a wonderful concept. +1 on that.
> How much overhead do you suppose this might impose?

I don't imagine it would be much, just the usual cost of disk
encryption.  If you're decrypting disk pages only on demand and purging
them from memory when done, that would impose some cost, but presumably
anyone with that level of security needs wouldn't care.

> Would your concept permit the ability to simply insert say a USB device
> (stick) with the required material, and be done with it? IOW require no
> additional effort/action(s) on the administrator's part?

That would be one way of doing it.  Given the level of security implied
by these proposals, I'd imagine you'd want the actual cryptographic
material to reside on some kind of smart card or HSM.  I could see the
public key technique I described being used to unlock a credential store.

> Thanks for taking something like this on! I think it's a great idea.

To be clear, these are ideas for an R&D proposal I'm developing.
There's no guarantee it will be funded.
