[Cryptography] Can crypto implement OS/FS protections ?

Henry Baker hbaker1 at pipeline.com
Tue Nov 22 09:56:08 EST 2022

-----Original Message-----
From: Jerrold Leichter <leichter at lrw.com>
Sent: Nov 21, 2022 12:21 PM
To: Henry Baker <hbaker1 at pipeline.com>
Cc: <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Can crypto implement OS/FS protections ?

> I've been wondering how many of the current OS/page table and file
> system protections can be theoretically implemented via cryptography.
Well, let’s start simply. You can certainly control *read* access by encryption (though there are limits to the protection - e.g., suppose I want to say that if you don’t have read access to a file, you can’t even tell if it’s been changed since you last looked). But how would you control *write* access? The obvious starting point is to require that the data proposed to be written be signed - but then what?

o The system can check the signature for validity before committing the new value. But that’s ultimately not “using cryptography” - it’s just giving the OS (or the hardware if you want to embed such checks there, as certainly happens for main memory access) a more complex way to *decide* who can actually write. If the OS gets the check wrong, maybe you can catch that when you come to read the data, but the original value is gone.

o The system just stores all offered writes, and it’s up to the reader to pick the most recent one that has a valid signature. While this works, it doesn’t seem at all practical except in some very specialized applications.

Note that blockchain writes are related to the first approach, where you need some distributed agreement to be able to add to the blockchain. But the *agreement itself* - the enforcement of whatever policy controls what can be added - isn’t *implemented or enforced* by the cryptography, but by decision procedures that *rely on* the cryptography. Break the decision procedures and, at best, the crypto will keep stuff that was supposed to be secret still secret.

*Maybe* one could do something with homomorphic cryptography, where the “write” is a function implemented “inside” the cryptographic envelope? I don’t see it offhand, but it could be.

Without the ability to cryptographically enforce who has write access, I don’t see how you can get very far in implementing OS/FS protections.

-- Jerry

Consider Unix/Linux read/write/execute/owner/group protections.

Wouldn't 'execute' be analogous to today's 'trusted boot' chains ?

Presumably 'owner' would be connected to a public key for the owner.

Are there crypto versions of 'group' ?

More information about the cryptography mailing list