Subject: Re: encrypted swap?
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 06/04/2001 18:21:26
> http://www.citi.umich.edu/u/provos/papers/swapencrypt.ps.gz
Whatever happened to plain text? I'd happily have given up the
graphics, or had them turned into external references, for the sake of
a plain text version. (One that's readable online, greppable, can be
cut-and-pasted from, etc.)
But yes, I've read it. A nice piece of work. I think the only thing
I'd add to it is that I'd like to see encryption keys be per-process,
in a sense: I'd take the mechanism as described except that the
encryption key for a page is not just the key for its block of swap,
but that combined somehow (XOR?) with a nonce key attached to the
process that owns the page. (I'm not sure what to do with pages that
belong to multiple processes; perhaps they could travel under the key
of the process that first created them. Perhaps I really mean "VM
object" rather than "process".) I'd get warm fuzzies from knowing that
as soon as my process terminates, its swapped-out precious data goes
unreadable immediately.
/~\ The ASCII                         der Mouse
\ / Ribbon Campaign
 X  Against HTML            mouse@rodents.montreal.qc.ca
/ \ Email!          7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
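The per-process nonce-key idea from the mail, modelled as an added example (not code from the mail, the paper or NetBSD): a per-swap-block key XORed with a per-process key, and a check that destroying only the process key at exit leaves the swapped-out page unrecoverable even though the swap-block key survives. The SwapEncryptor class, the SHA-256-based keystream standing in for a real cipher, and the sample page are this example's own constructions.

```python
import hashlib
import secrets

def keystream(key: bytes, block: int, gen: int, length: int) -> bytes:
    # Hash-based keystream: SHA-256(key || block || generation || counter) chunks.
    # A stdlib-only stand-in for a real cipher, not a production construction.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big") + gen.to_bytes(8, "big")
                              + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SwapEncryptor:
    # Per-swap-block keys (as the mail describes the paper) combined with a
    # per-process nonce key (the mail's addition). Structure is this example's own.
    def __init__(self):
        self.swap_keys = {}    # swap block -> random key; survives process exit
        self.proc_keys = {}    # pid -> random nonce key; destroyed at process exit
        self.generation = {}   # swap block -> write counter, so a rewrite never reuses keystream

    def new_process(self, pid: int) -> None:
        self.proc_keys[pid] = secrets.token_bytes(32)

    def process_exit(self, pid: int) -> None:
        del self.proc_keys[pid]  # only this key is lost; the swap-block key stays

    def _page_key(self, block: int, pid: int) -> bytes:
        swap_key = self.swap_keys.setdefault(block, secrets.token_bytes(32))
        return xor_bytes(swap_key, self.proc_keys[pid])  # the XOR the mail proposes

    def swap_out(self, block: int, pid: int, page: bytes):
        gen = self.generation.get(block, 0) + 1
        self.generation[block] = gen
        return gen, xor_bytes(page, keystream(self._page_key(block, pid), block, gen, len(page)))

    def swap_in(self, block: int, pid: int, gen: int, ct: bytes) -> bytes:
        return xor_bytes(ct, keystream(self._page_key(block, pid), block, gen, len(ct)))

def demo():
    # Swap a page out and back in, end the process, then show that the surviving
    # swap-block key alone no longer recovers the page from what is left on disk.
    enc = SwapEncryptor()
    enc.new_process(1001)
    page = b"precious secret page contents" * 2   # constructed sample page
    gen, ct = enc.swap_out(7, 1001, page)
    restored = enc.swap_in(7, 1001, gen, ct)
    enc.process_exit(1001)
    leftover = xor_bytes(ct, keystream(enc.swap_keys[7], 7, gen, len(ct)))
    return restored, leftover != page
```

Deriving the page key with a KDF over both inputs rather than a bare XOR would be the more conservative choice, but the XOR matches what the mail sketches.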