What is VPFS

VPFS 2: A mobile file system with the highest security and reliability requirements

Applicant: Professor Dr. Hermann Härtig
Technical University Dresden
Faculty of Computer Science
Institute for System Architecture
Professorship for Operating Systems
Subject area: Computer architecture and embedded systems
Funding: 2010 to 2013
German Research Foundation (DFG) - project number 184062165
Mobile devices such as smartphones and PDAs have become indispensable work tools in many areas thanks to their greatly increased performance. Professional users in particular increasingly keep highly sensitive data on them: in the health sector, for example, patient files that are subject to special legal regulations, or documents containing company secrets. At the same time, these devices and the data stored on them are constantly at risk of being lost or falling into the wrong hands. This conflict calls for security features protecting mobile data that current monolithic operating systems and system architectures do not provide. By contrast, the consistent componentization of microkernel-based systems, through fine-grained division and isolation of individual functional units, permits more robust execution and better protection against attacks [81, 66, 70, 62, 101]. Trusted computing technology promises stronger protection against attackers with physical access to the hardware.

The aim of the proposed project is a componentized file system architecture that provides significantly stronger security guarantees for mobile data storage and is hardened against both online and offline attacks on file system contents. The security-critical code base of a file system stack, and with it its attack surface, is to be reduced drastically. Minimizing the size and complexity of the security-critical code requires moving functionality that is not security-critical, but is needed for a file system to work, into untrusted components. The project will investigate the systematic construction of, and the secure cooperation between, the security-critical and non-critical components of a fully featured file system stack.

The main challenges are:

• Ensuring the confidentiality, integrity and consistency of file system contents when untrusted components provide part of the required functionality.
• Ensuring that consistent and correct file system contents can be recovered after data loss when a partially untrusted storage infrastructure is used.
• Finding a suitable division of components into those that must be regarded as trusted and those that may be untrusted, and of the data structures they use.
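To make the trusted/untrusted split concrete, the following is an added illustration written for this page; it is not VPFS code and does not describe the project's actual mechanisms. It models a small trusted core that owns the keys, a monotonic version counter and one 32-byte root hash, and an untrusted block store that holds everything else (ciphertext, per-block tags and the tag table). The cryptography is a deliberately simple, stdlib-only construction chosen for the example: HMAC-SHA256 used as a PRF in counter mode for confidentiality, encrypt-then-MAC for integrity, and a hash over all block tags as the root that lets the core detect a rolled-back store. The key and the block contents are constructed test data.

```python
"""Added example: a trusted core delegating block storage to an untrusted
component while keeping confidentiality, integrity and freshness checks
on the trusted side. Not VPFS code; toy construction for illustration."""
import hashlib
import hmac
import struct


class IntegrityError(Exception):
    pass


class UntrustedStore:
    """Stands in for an untrusted storage component (driver, card, cloud).
    It only sees ciphertext, tags and version numbers, and may corrupt,
    misplace or roll back anything it holds."""

    def __init__(self):
        self.blocks = {}   # block index -> version || ciphertext || tag
        self.table = b""   # serialized tag table, also untrusted

    def snapshot(self):
        return dict(self.blocks), self.table

    def restore(self, snap):
        self.blocks, self.table = dict(snap[0]), snap[1]


class TrustedCore:
    """Trusted persistent state is only two keys, a monotonic version
    counter and a 32-byte root hash (what sealed storage or a TPM could
    hold); the tag table itself lives in the untrusted store."""

    TAG_LEN = 32

    def __init__(self, store, master_key):
        self.store = store
        self.k_enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self.k_mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
        self.version = 0
        self._tags = {}                 # cache, re-verified against root at mount
        self.root = self._root(self._tags)

    def _keystream(self, idx, version, n):
        # PRF in counter mode; (idx, version) never repeats, so no reuse.
        out = b"".join(hmac.new(self.k_enc, struct.pack(">QQQ", idx, version, c),
                                hashlib.sha256).digest() for c in range((n + 31) // 32))
        return out[:n]

    def _tag(self, idx, version, ct):
        # Binding index and version into the MAC defeats block swapping.
        return hmac.new(self.k_mac, struct.pack(">QQ", idx, version) + ct, hashlib.sha256).digest()

    @staticmethod
    def _root(tags):
        h = hashlib.sha256()
        for idx in sorted(tags):
            h.update(struct.pack(">Q", idx) + tags[idx])
        return h.digest()

    def _persist_table(self):
        self.store.table = b"".join(struct.pack(">Q", i) + t for i, t in sorted(self._tags.items()))
        self.root = self._root(self._tags)

    def mount(self):
        """Reload the tag table from untrusted storage and check it against the
        trusted root; a store rolled back as a whole fails here."""
        tags, blob = {}, self.store.table
        for off in range(0, len(blob), 8 + self.TAG_LEN):
            idx = struct.unpack(">Q", blob[off:off + 8])[0]
            tags[idx] = blob[off + 8:off + 8 + self.TAG_LEN]
        if not hmac.compare_digest(self._root(tags), self.root):
            raise IntegrityError("tag table does not match trusted root (rollback?)")
        self._tags = tags

    def write(self, idx, plaintext):
        self.version += 1                      # fresh version => fresh keystream
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(idx, self.version, len(plaintext))))
        tag = self._tag(idx, self.version, ct)
        self.store.blocks[idx] = struct.pack(">Q", self.version) + ct + tag
        self._tags[idx] = tag
        self._persist_table()

    def read(self, idx):
        blob = self.store.blocks[idx]
        version = struct.unpack(">Q", blob[:8])[0]
        ct, tag = blob[8:-self.TAG_LEN], blob[-self.TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(idx, version, ct)):
            raise IntegrityError("block %d: bad tag (corrupted or misplaced)" % idx)
        if not hmac.compare_digest(tag, self._tags.get(idx, b"\0" * self.TAG_LEN)):
            raise IntegrityError("block %d: stale version (rollback)" % idx)
        return bytes(a ^ b for a, b in zip(ct, self._keystream(idx, version, len(ct))))


def _detected(core, idx):
    try:
        core.read(idx)
        return False
    except IntegrityError:
        return True


def demo():
    """Runs three attacks by the untrusted store; returns what was detected."""
    store = UntrustedStore()
    core = TrustedCore(store, b"constructed-demo-master-key")   # constructed key
    core.write(0, b"patient record v1")
    old = store.snapshot()                     # attacker keeps an old copy
    core.write(0, b"patient record v2")
    core.write(1, b"second block")
    results = {"read_ok": core.read(0) == b"patient record v2"}
    good = store.blocks[1]                     # 1: flip one ciphertext byte
    store.blocks[1] = good[:10] + bytes([good[10] ^ 1]) + good[11:]
    results["corruption"] = _detected(core, 1)
    store.blocks[1] = good
    store.blocks[0] = old[0][0]                # 2: serve an old, validly tagged block
    results["block_rollback"] = _detected(core, 0)
    store.restore(old)                         # 3: roll back blocks and table together
    try:
        core.mount()
        results["store_rollback"] = False
    except IntegrityError:
        results["store_rollback"] = True
    return results
```

The point of the split is what is left on the trusted side: keys, a counter and one hash. Everything the untrusted component can do (corrupt a block, serve a stale but authentic block, or roll back the whole store) is caught by one of the three checks, and the counter is what makes the rollback checks meaningful, so in a real system it would have to be as hard to reset as the keys are to extract.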
DFG procedure