support for file system
play

Support for File system Kyungsik Lee SW Platform Lab., Corporate - PowerPoint PPT Presentation

Nov 12, 2023 •12 likes •242 views

Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20 Mobile Security Mobile Security is an important issue More data could be more danger with mobile devices

  1. Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20

  2. Mobile Security • Mobile Security is an important issue  More data could be more danger with mobile devices • Android 6.0 FDE(full-disk encryption)  User data protected against offline attacks  Plaintext -> ciphertext  Based on a Linux Kernel Encryption feature that works at the block device layer 2

  3. Performance Issue (1/2) • Android 5.0(Lollipop) was to have device encryption enabled by default but … • According to Android 6.0 CDD For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec , the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience Excerpted from Android 6.0 Compatibility Definition Document 3

  4. Performance Issue (2/2) • Sequential IO Read/Write  1 CPU core, freq.(0.6~1 GHz) Seq. write Seq. read 120 250 100 200 -40% -60% 80 150 MiB/sec. MiB/sec. 60 100 40 50 20 0 0 ext4 dm-crypt ext4(encrypt) eCryptfs ext4 dm-crypt ext4(encrypt) eCryptfs Cpu-freq. 598000 Cpu-freq. 819000 Cpu-freq. 1001000 cpu-freq. 598000 cpu-freq. 819000 cpu-freq. 1001000 4

  5. Linux Kernel Encryption (1/2) • History  dm-crypt, merged into 2.6.4 kernel(March, 2004)  eCryptfs, 2.6.19 kernel(November, 2006)  Ext4 encryption, 4.1 kernel(Jun, 2015)  VFS Crypto engine, 4.6 kernel => Generic File system Encryption Support 5

  6. Linux Kernel Encryption (2/2) • File system-level encryption, FBE  File-based encryption allows different files to be encrypted with different keys that can be unlocked independently.  File system-level encryption does not typically encrypt filesystem metadata  eCryptfs, ext4 encryption … • Disk encryption, FDE  Disk encryption generally uses the same key for encrypting the whole volume, disk partition  dm- crypt … 6

  7. dm-crypt • Part of the device mapper infrastructure, and uses cryptographic routines • Encrypt whole disks (including removable media), partitions Kernel Internals User space File system Block layer Virtual device Crypto APIs Encrypt/Decrypt Storage 7

  8. eCryptfs • Stacked cryptographic file system • Mount eCryptfs on top of any single directory to protect it Kernel Internals User space Crypto APIs eCryptfs File system(lower) Block layer Storage 8

  9. Ext4 Encryption • In a directory tree marked for encryption, file contents, filenames, and symbolic link targets are all encrypted Kernel Internals User space Crypto APIs Ext4(encrypt) Block layer Storage 9

  10. Case Study • Linux Kernel Encryption Scalability on multi-core system • Testing Environment  CPU core(x4), freq.(0.6 ~ 1 GHz)  CPU based encryption  Cipher type  eCryptfs, aes-cbc  Ext4-encrypt, aes-xts  dm-crypt, aes-cbc-essiv:sha256 10

  11. Sequential Read Prefetching • Readahead Seq. read(MiB/sec.) Seq. read(MiB/sec.) 250 25 200 20 150 15 MiB/sec. MiB/sec. 100 10 50 5 0 0 ext4 ext4-fde ext4(encrypt) ecryptfs-ext4 ext4 dm-crypt ext4(encrypt) eCryptfs ra=disabled ra=enabled cpu=1 cpu=2 11

  12. Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250 200 150 MiB/sec. 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 cpu=4 12

  13. Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250 200 x1 x2 150 MiB/sec. x2 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 cpu=4 13

  14. Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) 140 120 100 80 MiB/sec. 60 40 20 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 14

  15. Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) x2 140 x2 120 100 x1 80 MiB/sec. 60 40 20 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 15

  16. Random Read throughput • Random read(IOPS) Random read(IOPS) 6000 5000 4000 IOPS 3000 2000 1000 0 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS ra=enabled IOPS ra=disabled 16

  17. Random Read throughput • Random read(IOPS) Lower File system Page Cache Random read(IOPS) 6000 5000 4000 IOPS 3000 2000 1000 0 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS ra=enabled IOPS ra=disabled 17

  18. Improving Read performance (1/4) • Ext4(encrypt) seq. read throughput Seq. read(MiB/sec.) -75% Decrypt 250 Overhead 200 150 MiB/sec. 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 18

  19. Improving Read performance (2/4) • Multi-threaded decryption(ext4) Normal IO Heavy IO User space Decrypt Bottleneck Ext4(encrypt) thread Block layer Storage 19

  20. Improving Read performance (3/4) • Multi-threaded decryption(ext4) Normal IO Heavy IO User space Decrypt Decrypt Ext4(encrypt) thread Decrypt thread Decrypt thread thread Block layer Storage 20

  21. Improving Read performance (4/4) • Ext4(encrypt) seq. read throughput: +50% 50% Random read(IOPS) Seq. read(MiB/sec.) 3500 80 -18% 70 3000 60 2500 50 2000 MiB/sec. IOPS 40 1500 30 1000 20 500 10 0 0 cpu=1 cpu=2 cpu=4 cpu=1 cpu=2 cpu=4 ext4(encrypt) Patched ext4(encrypt) Patched 21

  22. Conclusion • Seq. read throughput dropped significantly in CPU based encryption, leading to performance degradation • Read(decrypt) overhead: seq. read >> random read • Seq. write throughput falls slightly except eCryptfs • IO throughput of eCryptfs is shown less scalable in multi-core system • Seq. read performance can be improved by applying multi-threaded decryption 22

  23. Q & A 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance Recovery Log-Structured File Systems

492 views • 47 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

341 views • 33 slides
File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System Performance Controlled Sharing Convenience: naming Reliability File System Workload File sizes Are most files small or large?

996 views • 62 slides
CSE 120 File System Interface What the user/programmer sees File System Implementation

CSE 120 File System Interface What the user/programmer sees File System Implementation

Overview CSE 120 File System Interface What the user/programmer sees File System Implementation How it works Summer, 2006 Day 9 File Systems Instructor: Neil Rhodes 2 What is a File? Typical Filesystem Named collection of related

175 views • 5 slides
File System Implementation Summer 2016 Cornell University Today File allocation Unix

File System Implementation Summer 2016 Cornell University Today File allocation Unix

CS 4410 Operating Systems File System Implementation Summer 2016 Cornell University Today File allocation Unix file system Log-structured file system 2 File system: two design problems User interface: File, directory,

362 views • 21 slides
Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily

Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily

Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily Wide-area File System storage needs of distributed users. Y. Saito, C. Kaamanolis, M. Karlsson, M. Mahalingam o Enable ad-hoc data sharing.

622 views • 14 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Transaction Support in a Log- Structured File System V E R I T A S Margo I. Seltzer Harvard

Transaction Support in a Log- Structured File System V E R I T A S Margo I. Seltzer Harvard

Transaction Support in a Log- Structured File System V E R I T A S Margo I. Seltzer Harvard University Division of Applied Sciences Data Engineering 1993 Outline Introduction Implementation Performance Conclusions

600 views • 15 slides
Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Unit OS8: File System 8.6. Quiz Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Windows File System Efficiency and Stability of a file system are contradicting requirements. How can the

279 views • 11 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk class it is using It issues block read/write requests to the generic block layer Provide an abstraction Goals Implement an abstraction (files) for

389 views • 37 slides
FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion 11. Outline File-System Structure

516 views • 51 slides
Week 10: File Management What is a file? Elements of file management File

Week 10: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems Week 10: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

498 views • 13 slides
Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary Software is not perfect Bugs in kernel (File system, VM, Device Driver code) Hardware is not perfect Disk errors Memory errors File

613 views • 24 slides
Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure File System Mounting File Sharing Protection Operating System Concepts Silberschatz, Galvin and Gagne 2002 11.1 File Concept

387 views • 15 slides
File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

CS 4410 Operating Systems File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system implemented? Layered file system Directory implementation Allocation methods Free-space management 2

453 views • 18 slides
Engage Leeds Employment & Engagement Service City Wide project involving 4 Organisations

Engage Leeds Employment & Engagement Service City Wide project involving 4 Organisations

Engage Leeds Employment & Engagement Service City Wide project involving 4 Organisations Contract Holder North West North East South 1500 Clients 500 Clients in across Leeds at each wedge any one time 25 Clients per 1 Employment

367 views • 10 slides
Advancing Your Practice: ROME, ITALY Spring Break 2014 Renee Petropoulos & Tucker Neel See

Advancing Your Practice: ROME, ITALY Spring Break 2014 Renee Petropoulos & Tucker Neel See

Advancing Your Practice: ROME, ITALY Spring Break 2014 Renee Petropoulos & Tucker Neel See breathtaking works of art. Eat the best Italian food of your life. Make new friends. Touch thousands of years of history. Walk in the footsteps of

470 views • 23 slides
A presentation from Alena Lewandowski Alena Lewandowski and Lena Kster Alena Lewandowski

A presentation from Alena Lewandowski Alena Lewandowski and Lena Kster Alena Lewandowski

A presentation from Alena Lewandowski Alena Lewandowski and Lena Kster Alena Lewandowski Welcome to Fritzlar Hello, my name is Alena Lewandowski! Alena Lewandowski! I am 13 years old. Im a pupil at I m a pupil at Bundesprsident-

436 views • 42 slides
http://www.lambdaspa.com - E-Mail: info@lambdaspa.com Cap. Soc. 500.000 i.v. - Reg. Impr.

http://www.lambdaspa.com - E-Mail: info@lambdaspa.com Cap. Soc. 500.000 i.v. - Reg. Impr.

COMPANY PRESENTATION LAMBDA Spa is involved since years in the design, development and implementation of laser equipment for specific use in medical, dental and restoration fields. In 1987 LAMBDA begins its activity in the field of cultural

390 views • 18 slides
Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $ whoami Performance and security at Cloudflare Passionate about security and crypto Enjoy low level programming @ignatkn Performance vs

1.45k views • 133 slides
1 12 WEST 12th STREET, EXISTING SIDEWALK PLAN NEW YORK, NEW YORK 10011 03-04-2011 EXTEND

1 12 WEST 12th STREET, EXISTING SIDEWALK PLAN NEW YORK, NEW YORK 10011 03-04-2011 EXTEND

EXTEND SIDEWALK REPAIR BEYOND PROPERTY LINE TO INSURE NO TRIP HAZARDS OR DEFECTS AT COMPLETION OF THE WORK. 2' - 2" 13' - 10 1/8" 127.9' PROPERTY LINE EXISTING 26.05' STREET SIGN TO REMAIN KEY EXISTING CONCRETE SIDEWALKS

300 views • 3 slides
Avon & Somerset Police Cyber Protect Kristian Evans COVID19 Presentation 24 March, 2020

Avon & Somerset Police Cyber Protect Kristian Evans COVID19 Presentation 24 March, 2020

Avon & Somerset Police Cyber Protect Kristian Evans COVID19 Presentation 24 March, 2020 Sources Useful (only slightly technical) Links www.lifewire.com www.howtogeek.com www.ncsc.gov.uk Background Information COVID-19 Being

677 views • 47 slides
Fr. Christopher Marshall & Fr. Gerry Lennon (Chaplain to the Childrens Hospital) Fr Ray

Fr. Christopher Marshall & Fr. Gerry Lennon (Chaplain to the Childrens Hospital) Fr Ray

Metropolitan Cathedral & Basilica of St Chad St Chads Queensway, Birmingham, B4 6EU Tel: Cathedral House 0121 236 2251 or 0121 236 5535 Fax: 0121 230 6281 e-mail: reception@rc-birmingham.org Website: www.stchadscathedral.org.uk Twitter:

259 views • 5 slides

More recommend