Association for Computing Machinery
In this paper the authors describe a cryptographic service framework for the Linux kernel. The framework enables user-space applications to perform operations with cryptographic keys, while at the same time ensuring that applications cannot directly access or extract the keys from storage. The framework makes use of the higher privilege levels of the operating system in order to provide this isolation. The paper discusses the relevant security requirements and expectations, and presents the design of the framework. A comparison with alternative designs is also provided.