support for file system
play

Support for File system Kyungsik Lee SW Platform Lab., Corporate - PowerPoint PPT Presentation

Nov 12, 2023 •12 likes •242 views

Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20 Mobile Security Mobile Security is an important issue More data could be more danger with mobile devices

  1. Linux Kernel Encryption Support for File system Kyungsik Lee SW Platform Lab., Corporate R&D LG Electronics, Inc. 2016/10/20

  2. Mobile Security • Mobile Security is an important issue  More data could be more danger with mobile devices • Android 6.0 FDE(full-disk encryption)  User data protected against offline attacks  Plaintext -> ciphertext  Based on a Linux Kernel Encryption feature that works at the block device layer 2

  3. Performance Issue (1/2) • Android 5.0(Lollipop) was to have device encryption enabled by default but … • According to Android 6.0 CDD For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec , the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience Excerpted from Android 6.0 Compatibility Definition Document 3

  4. Performance Issue (2/2) • Sequential IO Read/Write  1 CPU core, freq.(0.6~1 GHz) Seq. write Seq. read 120 250 100 200 -40% -60% 80 150 MiB/sec. MiB/sec. 60 100 40 50 20 0 0 ext4 dm-crypt ext4(encrypt) eCryptfs ext4 dm-crypt ext4(encrypt) eCryptfs Cpu-freq. 598000 Cpu-freq. 819000 Cpu-freq. 1001000 cpu-freq. 598000 cpu-freq. 819000 cpu-freq. 1001000 4

  5. Linux Kernel Encryption (1/2) • History  dm-crypt, merged into 2.6.4 kernel(March, 2004)  eCryptfs, 2.6.19 kernel(November, 2006)  Ext4 encryption, 4.1 kernel(Jun, 2015)  VFS Crypto engine, 4.6 kernel => Generic File system Encryption Support 5

  6. Linux Kernel Encryption (2/2) • File system-level encryption, FBE  File-based encryption allows different files to be encrypted with different keys that can be unlocked independently.  File system-level encryption does not typically encrypt filesystem metadata  eCryptfs, ext4 encryption … • Disk encryption, FDE  Disk encryption generally uses the same key for encrypting the whole volume, disk partition  dm- crypt … 6

  7. dm-crypt • Part of the device mapper infrastructure, and uses cryptographic routines • Encrypt whole disks (including removable media), partitions Kernel Internals User space File system Block layer Virtual device Crypto APIs Encrypt/Decrypt Storage 7

  8. eCryptfs • Stacked cryptographic file system • Mount eCryptfs on top of any single directory to protect it Kernel Internals User space Crypto APIs eCryptfs File system(lower) Block layer Storage 8

  9. Ext4 Encryption • In a directory tree marked for encryption, file contents, filenames, and symbolic link targets are all encrypted Kernel Internals User space Crypto APIs Ext4(encrypt) Block layer Storage 9

  10. Case Study • Linux Kernel Encryption Scalability on multi-core system • Testing Environment  CPU core(x4), freq.(0.6 ~ 1 GHz)  CPU based encryption  Cipher type  eCryptfs, aes-cbc  Ext4-encrypt, aes-xts  dm-crypt, aes-cbc-essiv:sha256 10

  11. Sequential Read Prefetching • Readahead Seq. read(MiB/sec.) Seq. read(MiB/sec.) 250 25 200 20 150 15 MiB/sec. MiB/sec. 100 10 50 5 0 0 ext4 ext4-fde ext4(encrypt) ecryptfs-ext4 ext4 dm-crypt ext4(encrypt) eCryptfs ra=disabled ra=enabled cpu=1 cpu=2 11

  12. Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250 200 150 MiB/sec. 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 cpu=4 12

  13. Read throughput • CPU-cores(1/2/4) Seq. read(MiB/sec.) 250 200 x1 x2 150 MiB/sec. x2 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 cpu=4 13

  14. Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) 140 120 100 80 MiB/sec. 60 40 20 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 14

  15. Write throughput • CPU-cores(1/2) Seq. write(MiB/sec.) x2 140 x2 120 100 x1 80 MiB/sec. 60 40 20 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 15

  16. Random Read throughput • Random read(IOPS) Random read(IOPS) 6000 5000 4000 IOPS 3000 2000 1000 0 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS ra=enabled IOPS ra=disabled 16

  17. Random Read throughput • Random read(IOPS) Lower File system Page Cache Random read(IOPS) 6000 5000 4000 IOPS 3000 2000 1000 0 ext4 dm-crypt ext4(encrypt) eCryptfs IOPS ra=enabled IOPS ra=disabled 17

  18. Improving Read performance (1/4) • Ext4(encrypt) seq. read throughput Seq. read(MiB/sec.) -75% Decrypt 250 Overhead 200 150 MiB/sec. 100 50 0 ext4 dm-crypt ext4(encrypt) eCryptfs cpu=1 cpu=2 18

  19. Improving Read performance (2/4) • Multi-threaded decryption(ext4) Normal IO Heavy IO User space Decrypt Bottleneck Ext4(encrypt) thread Block layer Storage 19

  20. Improving Read performance (3/4) • Multi-threaded decryption(ext4) Normal IO Heavy IO User space Decrypt Decrypt Ext4(encrypt) thread Decrypt thread Decrypt thread thread Block layer Storage 20

  21. Improving Read performance (4/4) • Ext4(encrypt) seq. read throughput: +50% 50% Random read(IOPS) Seq. read(MiB/sec.) 3500 80 -18% 70 3000 60 2500 50 2000 MiB/sec. IOPS 40 1500 30 1000 20 500 10 0 0 cpu=1 cpu=2 cpu=4 cpu=1 cpu=2 cpu=4 ext4(encrypt) Patched ext4(encrypt) Patched 21

  22. Conclusion • Seq. read throughput dropped significantly in CPU based encryption, leading to performance degradation • Read(decrypt) overhead: seq. read >> random read • Seq. write throughput falls slightly except eCryptfs • IO throughput of eCryptfs is shown less scalable in multi-core system • Seq. read performance can be improved by applying multi-threaded decryption 22

  23. Q & A 23

Recommend

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance Recovery Log-Structured File Systems

492 views • 47 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

341 views • 33 slides
File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System Performance Controlled Sharing Convenience: naming Reliability File System Workload File sizes Are most files small or large?

996 views • 62 slides
CSE 120 File System Interface What the user/programmer sees File System Implementation

CSE 120 File System Interface What the user/programmer sees File System Implementation

Overview CSE 120 File System Interface What the user/programmer sees File System Implementation How it works Summer, 2006 Day 9 File Systems Instructor: Neil Rhodes 2 What is a File? Typical Filesystem Named collection of related

175 views • 5 slides
File System Implementation Summer 2016 Cornell University Today File allocation Unix

File System Implementation Summer 2016 Cornell University Today File allocation Unix

CS 4410 Operating Systems File System Implementation Summer 2016 Cornell University Today File allocation Unix file system Log-structured file system 2 File system: two design problems User interface: File, directory,

362 views • 21 slides
Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily

Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily

Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily Wide-area File System storage needs of distributed users. Y. Saito, C. Kaamanolis, M. Karlsson, M. Mahalingam o Enable ad-hoc data sharing.

622 views • 14 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Transaction Support in a Log- Structured File System V E R I T A S Margo I. Seltzer Harvard

Transaction Support in a Log- Structured File System V E R I T A S Margo I. Seltzer Harvard

Transaction Support in a Log- Structured File System V E R I T A S Margo I. Seltzer Harvard University Division of Applied Sciences Data Engineering 1993 Outline Introduction Implementation Performance Conclusions

600 views • 15 slides
Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Unit OS8: File System 8.6. Quiz Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Windows File System Efficiency and Stability of a file system are contradicting requirements. How can the

279 views • 11 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk class it is using It issues block read/write requests to the generic block layer Provide an abstraction Goals Implement an abstraction (files) for

389 views • 37 slides
FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion 11. Outline File-System Structure

516 views • 51 slides
Week 10: File Management What is a file? Elements of file management File

Week 10: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems Week 10: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

498 views • 13 slides
Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary Software is not perfect Bugs in kernel (File system, VM, Device Driver code) Hardware is not perfect Disk errors Memory errors File

613 views • 24 slides
Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure File System Mounting File Sharing Protection Operating System Concepts Silberschatz, Galvin and Gagne 2002 11.1 File Concept

387 views • 15 slides
File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

CS 4410 Operating Systems File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system implemented? Layered file system Directory implementation Allocation methods Free-space management 2

453 views • 18 slides
Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally

Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally

Network File System - NFS NFS Specification NFS is a distributed file system (DFS) originally The NFS specification distinguishes between the implemented by Sun Microsystems. services provided by the mount mechanism and the remote file

105 views • 9 slides
File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I.

File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I.

File System Aging: Increasing the Relevance of File System Benchmarks Keith A. Smith Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences File System Performance 3.0 Read Throughput (MB/sec) 2.5 2.0 1.5 1.0

541 views • 42 slides
CPSC 410/611: File Management What is a file? Elements of file management File

CPSC 410/611: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems CPSC 410/611: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

186 views • 14 slides
Virtual File System Don Porter CSE 306 History Early OSes provided a single file system In

Virtual File System Don Porter CSE 306 History Early OSes provided a single file system In

Virtual File System Don Porter CSE 306 History Early OSes provided a single file system In general, system was pretty tailored to target hardware In the early 80s, people became interested in supporting more than one file system type on

546 views • 35 slides
Operating Systems II Unit OS8: File System 8.3. NTFS Recovery Support Prof. Dr. Andreas Polze,

Operating Systems II Unit OS8: File System 8.3. NTFS Recovery Support Prof. Dr. Andreas Polze,

Operating Systems II Unit OS8: File System 8.3. NTFS Recovery Support Prof. Dr. Andreas Polze, Andreas Grapentin, Bernhard Rabe Roadmap for Sec.on 8.4 The Evolu.on of File Systems Recoverable

540 views • 26 slides
Roadmap for Section 8.3 Encrypting File System (EFS) Terminology EFS Operation Data Encryption

Roadmap for Section 8.3 Encrypting File System (EFS) Terminology EFS Operation Data Encryption

Unit OS8: File System 8.3. Encrypting File System Security in Windows Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 8.3 Encrypting File System (EFS) Terminology EFS

250 views • 12 slides
Unix File System API Operating System Hebrew University Spring 2009 1 File System API manuals

Unix File System API Operating System Hebrew University Spring 2009 1 File System API manuals

Unix File System API Operating System Hebrew University Spring 2009 1 File System API manuals The information on file system API can be found on section 2 (Unix and C system calls ) of the Unix/Linux man pages ~> man S 2 open

559 views • 41 slides
The Berkeley File System The Original File System Background Why is the bandwidth low? The

The Berkeley File System The Original File System Background Why is the bandwidth low? The

The Berkeley File System The Original File System Background Why is the bandwidth low? The original UNIX file system was implemented on a The file system used a 512 byte block size. This block PDP-11. size is to small with 10 ms disk

328 views • 8 slides

More recommend