Design and Implementation of a Secure Linux Device Encryption Architecture

Ahmad-Reza Sadeghi, Marcel Winandy, Christian Stüble, Michael Scheibel

LinuxTag 2006.


The EMSCB Security Architecture is used as a trustworthy basis for the implementation of secure distributed applications. In this paper we introduce the prototype for a device encryption system based on the EMSCB security kernel. The goal is to provide a strongly isolated hard-disk encryption for Linux, where the secret key information and all related security-critical operations are not under the control of Linux, but under control of an EMSCB application protected and isolated from Linux. We describe the architecture and the prototype implementation of the device encryption system.