SlideShare ist ein Scribd-Unternehmen logo
1 von 108
Downloaden Sie, um offline zu lesen
Speeding Up Linux Disk Encryption
Ignat Korchagin
@ignatkn
@ignatkn
$ whoami
● Performance and security at Cloudflare
● Passionate about security and crypto
● Enjoy low level programming
Encrypting data at rest
@ignatkn
The storage stack
applications
@ignatkn
The storage stack
filesystems
applications
@ignatkn
The storage stack
block subsystem
filesystems
applications
@ignatkn
The storage stack
storage hardware
block subsystem
filesystems
applications
@ignatkn
Encryption at rest layers
storage hardware
block subsystem
filesystems
applications
SED, OPAL
@ignatkn
Encryption at rest layers
storage hardware
block subsystem
filesystems
applications
SED, OPAL
LUKS/dm-crypt,
BitLocker,
FileVault
@ignatkn
Encryption at rest layers
storage hardware
block subsystem
filesystems
applications
SED, OPAL
LUKS/dm-crypt,
BitLocker,
FileVault
ecryptfs,
ext4 encryption
or fscrypt
@ignatkn
Encryption at rest layers
storage hardware
block subsystem
filesystems
applications
SED, OPAL
LUKS/dm-crypt,
BitLocker,
FileVault
ecryptfs,
ext4 encryption
or fscrypt
DBMS, PGP,
OpenSSL,
Themis
@ignatkn
Storage hardware encryption
Pros:
● it’s there
● little configuration needed
● fully transparent to applications
● usually faster than other layers
@ignatkn
Storage hardware encryption
Pros:
● it’s there
● little configuration needed
● fully transparent to applications
● usually faster than other layers
Cons:
● no visibility into the implementation
● no auditability
● sometimes poor security
https://support.microsoft.com/en-us/help/4516071/windows-10-update-kb4516071
@ignatkn
Block layer encryption
Pros:
● little configuration needed
● fully transparent to applications
● open, auditable
@ignatkn
Block layer encryption
Pros:
● little configuration needed
● fully transparent to applications
● open, auditable
Cons:
● requires somewhat specialised crypto
● performance issues
● encryption keys in RAM
@ignatkn
Filesystem layer encryption
Pros:
● somewhat transparent to applications
● open, auditable
● more fine-grained
● more choice of crypto + potential integrity support
@ignatkn
Filesystem layer encryption
Pros:
● somewhat transparent to applications
● open, auditable
● more fine-grained
● more choice of crypto + potential integrity support
Cons:
● performance issues
● encryption keys in RAM
● complex configuration
● unencrypted metadata
@ignatkn
Application layer encryption
Pros:
● open, auditable
● fine-grained
● full crypto flexibility
@ignatkn
Application layer encryption
Pros:
● open, auditable
● fine-grained
● full crypto flexibility
Cons:
● encryption keys in RAM
● requires explicit support in code and configuration
● unencrypted metadata
● full crypto flexibility
LUKS/dm-crypt
@ignatkn
Device mapper in Linux
applications
@ignatkn
Device mapper in Linux
applications
filesystems
xfs vfatext4
file I/O
@ignatkn
Device mapper in Linux
applications
block device drivers
nvme brdscsi
filesystems
xfs vfatext4
file I/O
block I/O
@ignatkn
Device mapper in Linux
applications
block device drivers
nvme brdscsi
filesystems
xfs vfatext4
device mapper
dm-crypt dm-mirrordm-raid
file I/O
block I/O
block I/O
@ignatkn
Device mapper in Linux
applications
block device drivers
nvme brdscsi
filesystems
xfs vfatext4
device mapper
dm-crypt dm-mirrordm-raid
file I/O
block I/O
block I/O
@ignatkn
dm-crypt (idealized)
filesystem
block device drivers
@ignatkn
dm-crypt (idealized)
filesystem
dm-crypt
block device drivers
@ignatkn
dm-crypt (idealized)
filesystem
dm-crypt
block device drivers
encrypt
write BIO
encrypted BIO
@ignatkn
dm-crypt (idealized)
filesystem
dm-crypt
block device drivers
encrypt decrypt
write BIO read BIO
encrypted BIOs
@ignatkn
dm-crypt (idealized)
filesystem
dm-crypt
block device drivers
encrypt decrypt
Linux
Crypto API
write BIO read BIO
encrypted BIOs
dm-crypt benchmarking
@ignatkn
Test setup: RAM-based encrypted disk
$ sudo modprobe brd rd_nr=1 rd_size=4194304
@ignatkn
Test setup: RAM-based encrypted disk
$ sudo modprobe brd rd_nr=1 rd_size=4194304
$ fallocate -l 2M crypthdr.img
@ignatkn
Test setup: RAM-based encrypted disk
$ sudo modprobe brd rd_nr=1 rd_size=4194304
$ fallocate -l 2M crypthdr.img
$ sudo cryptsetup luksFormat /dev/ram0 --header 
crypthdr.img
@ignatkn
Test setup: RAM-based encrypted disk
$ sudo modprobe brd rd_nr=1 rd_size=4194304
$ fallocate -l 2M crypthdr.img
$ sudo cryptsetup luksFormat /dev/ram0 --header 
crypthdr.img
$ sudo cryptsetup open --header crypthdr.img 
/dev/ram0 encrypted-ram0
@ignatkn
test storage stack
Test storage stack
/dev/ram0
@ignatkn
test storage stack
Test storage stack
/dev/ram0
/dev/mapper/encrypted-ram0
@ignatkn
test storage stack
Test storage stack
/dev/ram0
/dev/mapper/encrypted-ram0
no filesystem
@ignatkn
test storage stack
Test storage stack
/dev/ram0
/dev/mapper/encrypted-ram0
no filesystemEncrypted
R/W
@ignatkn
test storage stack
Test storage stack
/dev/ram0
/dev/mapper/encrypted-ram0
no filesystemEncrypted
R/W
Unencrypted
R/W
@ignatkn
Test setup: sequential reads
$ sudo fio --filename=/dev/ram0 
--readwrite=readwrite --bs=4k --direct=1 
--loops=1000000 --name=plain
@ignatkn
Test setup: sequential reads
$ sudo fio --filename=/dev/ram0 
--readwrite=readwrite --bs=4k --direct=1 
--loops=1000000 --name=plain
...
READ: io=21013MB, aggrb=1126.5MB/s
WRITE: io=21023MB, aggrb=1126.1MB/s
@ignatkn
Test setup: sequential reads
$ sudo fio 
--filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 
--loops=1000000 --name=crypt
@ignatkn
Test setup: sequential reads
$ sudo fio 
--filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 
--loops=1000000 --name=crypt
...
READ: io=1693.7MB, aggrb=150874KB/s
WRITE: io=1696.4MB, aggrb=151170KB/s
@ignatkn
Test setup: sequential reads
$ sudo fio 
--filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 
--loops=1000000 --name=crypt
...
READ: io=1693.7MB, aggrb=150874KB/s
WRITE: io=1696.4MB, aggrb=151170KB/s
~7x
slower!
@ignatkn
Test setup: sequential reads
$ sudo cryptsetup benchmark -c aes-xts
# Tests are approximate using memory only (no
storage IO).
# Algorithm | Key | Encryption | Decryption
aes-xts 256b 1823.1 MiB/s 1900.3 MiB/s
@ignatkn
Test setup: sequential reads
$ sudo cryptsetup benchmark -c aes-xts
# Tests are approximate using memory only (no
storage IO).
# Algorithm | Key | Encryption | Decryption
aes-xts 256b 1823.1 MiB/s 1900.3 MiB/s
desired: ~696 MB/s, actual: ~294 MB/s
@ignatkn
We tried...
● switching to different cryptographic algorithms
○ aes-xts seems to be the fastest (at least on x86)
@ignatkn
We tried...
● switching to different cryptographic algorithms
○ aes-xts seems to be the fastest (at least on x86)
● experimenting with dm-crypt optional flags
○ “same_cpu_crypt” and “submit_from_crypt_cpus”
@ignatkn
We tried...
● switching to different cryptographic algorithms
○ aes-xts seems to be the fastest (at least on x86)
● experimenting with dm-crypt optional flags
○ “same_cpu_crypt” and “submit_from_crypt_cpus”
● trying filesystem-level encryption
○ much slower and potentially less secure
@ignatkn
Despair
@ignatkn
Ask the community
“If the numbers disturb you, then this is from lack of
understanding on your side. You are probably unaware
that encryption is a heavy-weight operation...“
https://www.spinics.net/lists/dm-crypt/msg07516.html
@ignatkn
But actually...
“Using TLS is very cheap, even at the scale of Cloudflare.
Modern crypto is very fast, with AES-GCM and P256
being great examples.”
https://blog.cloudflare.com/how-expensive-is-crypto-anyway/
@ignatkn
dm-crypt: life of an encrypted BIO request
block device drivers
filesystem
@ignatkn
Crypto APIdm-crypt
dm-crypt: life of an encrypted BIO request
block device drivers
filesystem
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
kcryptd
write
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd
write
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd
write
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd
dmcrypt_write
write
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd
dmcrypt_write
write
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
queues vs latency
“A significant amount of tail latency is
due to queueing effects”
https://www.usenix.org/conference/srecon19asia/presentation/plenz
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
dm-crypt: git archeology
● kcryptd was there from the beginning (2005)
○ only for reads: “it would be very unwise to do decryption in an
interrupt context”
@ignatkn
dm-crypt: git archeology
● kcryptd was there from the beginning (2005)
○ only for reads: “it would be very unwise to do decryption in an
interrupt context”
● some queuing was added to reduce kernel stack
usage (2006)
@ignatkn
dm-crypt: git archeology
● kcryptd was there from the beginning (2005)
○ only for reads: “it would be very unwise to do decryption in an
interrupt context”
● some queuing was added to reduce kernel stack
usage (2006)
● offload writes to thread and IO sorting (2015)
○ for spinning disks, but “may improve SSDs”
○ mentions CFQ scheduler, which is deprecated
@ignatkn
dm-crypt: git archeology
● kcryptd was there from the beginning (2005)
○ only for reads: “it would be very unwise to do decryption in an
interrupt context”
● some queuing was added to reduce kernel stack
usage (2006)
● offload writes to thread and IO sorting (2015)
○ for spinning disks, but “may improve SSDs”
○ mentions CFQ scheduler, which is deprecated
● commits to optionally revert some queuing
○ “same_cpu_crypt” and “submit_from_crypt_cpus” option flags
@ignatkn
dm-crypt: things to reconsider
● most code was added with spinning disks in mind
○ disk IO latency >> scheduling latency
@ignatkn
dm-crypt: things to reconsider
● most code was added with spinning disks in mind
○ disk IO latency >> scheduling latency
● sorting BIOs in dm-crypt probably violates “do one
thing and do it well” Unix principle
○ the task for the IO scheduler
@ignatkn
dm-crypt: things to reconsider
● most code was added with spinning disks in mind
○ disk IO latency >> scheduling latency
● sorting BIOs in dm-crypt probably violates “do one
thing and do it well” Unix principle
○ the task for the IO scheduler
● kcryptd may be redundant as modern Linux Crypto
API is asynchronous by itself
○ remove offloading the offload
@ignatkn
dm-crypt: cleanup
@ignatkn
Crypto APIdm-crypt
block device drivers
filesystem
cryptd
kcryptd_io
kcryptd
dmcrypt_write
write
read
write_tree
dm-crypt: life of an encrypted BIO request
@ignatkn
dm-crypt (synchronous)
filesystem
dm-crypt
block device drivers
encrypt decrypt
write BIO read BIO
encrypted BIOs
@ignatkn
dm-crypt (synchronous)
filesystem
dm-crypt
block device drivers
encrypt decrypt
Sync Linux
Crypto API
write BIO read BIO
encrypted BIOs
@ignatkn
dm-crypt: removing queues
● dm-crypt module: a simple patch, which bypasses all
queues/async threads based on a new runtime flag
@ignatkn
dm-crypt: removing queues
● dm-crypt module: a simple patch, which bypasses all
queues/async threads based on a new runtime flag
● Linux Crypto API is a bit more complicated
○ by default specific implementation is selected dynamically based
on priority
○ aes-ni synchronous implementation is marked as “internal”
○ aes-ni (FPU) is not usable in some interrupt contexts
@ignatkn
dm-crypt: removing queues
● dm-crypt module: a simple patch, which bypasses all
queues/async threads based on a new runtime flag
● Linux Crypto API is a bit more complicated
○ by default specific implementation is selected dynamically based
on priority
○ aes-ni synchronous implementation is marked as “internal”
○ aes-ni (FPU) is not usable in some interrupt contexts
● xtsproxy: a dedicated synchronous aes-xts module
@ignatkn
xtsproxy crypto API module
aes-xts proxy
@ignatkn
xtsproxy crypto API module
aes-xts proxy
Is FPU
available?
@ignatkn
xtsproxy crypto API module
aes-xts proxy
Is FPU
available?
__xts-aes-aesni
yes
@ignatkn
xtsproxy crypto API module
aes-xts proxy
Is FPU
available?
__xts-aes-aesni xts(ecb(aes-generic))
yes no
@ignatkn
xtsproxy crypto API module
aes-xts proxy
Is FPU
available?
__xts-aes-aesni xts(ecb(aes-generic))
yes no
@ignatkn
Test setup: sequential IO
$ sudo fio --filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 --loops=1000000 
--name=crypt
@ignatkn
Test setup: sequential IO
$ sudo fio --filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 --loops=1000000 
--name=crypt
$ sudo modprobe xtsproxy
@ignatkn
Test setup: sequential IO
$ sudo fio --filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 --loops=1000000 
--name=crypt
$ sudo modprobe xtsproxy
$ sudo dmsetup table encrypted-ram0 --showkeys | sed 
's/aes-xts-plain64/capi:xts-aes-xtsproxy-plain64/' | sed 
's/$/ 1 force_inline/' | sudo dmsetup reload
encrypted-ram0
@ignatkn
Test setup: sequential IO
$ sudo fio --filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 --loops=1000000 
--name=crypt
$ sudo modprobe xtsproxy
$ sudo dmsetup table encrypted-ram0 --showkeys | sed 
's/aes-xts-plain64/capi:xts-aes-xtsproxy-plain64/' | sed 
's/$/ 1 force_inline/' | sudo dmsetup reload
encrypted-ram0
@ignatkn
Test setup: sequential IO
$ sudo fio --filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 --loops=1000000 
--name=crypt
$ sudo modprobe xtsproxy
$ sudo dmsetup table encrypted-ram0 --showkeys | sed 
's/aes-xts-plain64/capi:xts-aes-xtsproxy-plain64/' | sed 
's/$/ 1 force_inline/' | sudo dmsetup reload
encrypted-ram0
@ignatkn
Test setup: sequential IO
$ sudo fio --filename=/dev/mapper/encrypted-ram0 
--readwrite=readwrite --bs=4k --direct=1 --loops=1000000 
--name=crypt
$ sudo modprobe xtsproxy
$ sudo dmsetup table encrypted-ram0 --showkeys | sed 
's/aes-xts-plain64/capi:xts-aes-xtsproxy-plain64/' | sed 
's/$/ 1 force_inline/' | sudo dmsetup reload
encrypted-ram0
$ sudo dmsetup suspend encrypted-ram0 && sudo dmsetup 
resume encrypted-ram0
@ignatkn
ramdisk: read throughput
@ignatkn
ramdisk: write throughput
@ignatkn
ssd: IO latency (iowait) ● ssd disk
● dm-crypt device
@ignatkn
ssd: IO latency (iowait)
inline enabled
● ssd disk
● dm-crypt device
@ignatkn
Cloudflare cache impact
@ignatkn
Cloudflare cache impact
● unencrypted
● encrypted
● encrypted with patched dm-crypt
Conclusions
@ignatkn
Conclusions
● a simple patch which may improve dm-crypt
performance by 200%-300%
○ fully compatible with stock Linux dm-crypt
○ can be enabled/disabled in runtime without service disruption
@ignatkn
Conclusions
● a simple patch which may improve dm-crypt
performance by 200%-300%
○ fully compatible with stock Linux dm-crypt
○ can be enabled/disabled in runtime without service disruption
● modern crypto is fast and cheap
○ performance degradation is likely elsewhere
@ignatkn
Conclusions
● a simple patch which may improve dm-crypt
performance by 200%-300%
○ fully compatible with stock Linux dm-crypt
○ can be enabled/disabled in runtime without service disruption
● modern crypto is fast and cheap
○ performance degradation is likely elsewhere
● extra queuing may be harmful on modern low
latency storage
@ignatkn
Caveats and future work
● the patch improves performance on small block
size/high IOPS workloads
○ >2MB block size shows worse performance
@ignatkn
Caveats and future work
● the patch improves performance on small block
size/high IOPS workloads
○ >2MB block size shows worse performance
● the whole setup assumes hardware-accelerated
crypto
○ xtsproxy supports x86 only
@ignatkn
Caveats and future work
● the patch improves performance on small block
size/high IOPS workloads
○ >2MB block size shows worse performance
● the whole setup assumes hardware-accelerated
crypto
○ xtsproxy supports x86 only
● your mileage may vary
○ always measure and compare before deployment
○ let us know the results
@ignatkn
Links
● https://gitlab.com/cryptsetup/cryptsetup
● http://man7.org/linux/man-pages/man8/dmsetup.8.html
● https://blog.cloudflare.com/speeding-up-linux-disk-encryption
● https://github.com/cloudflare/linux
Questions?

Weitere ähnliche Inhalte

Was ist angesagt?

Fuse- Filesystem in User space
Fuse- Filesystem in User space Fuse- Filesystem in User space
Fuse- Filesystem in User space Danny Tseng
 
SIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin AnlamıSIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin AnlamıBGA Cyber Security
 
Hashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs EnterpriseHashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs EnterpriseStenio Ferreira
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 
Astricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionAstricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionDan Jenkins
 
Linux Preempt-RT Internals
Linux Preempt-RT InternalsLinux Preempt-RT Internals
Linux Preempt-RT Internals哲豪 康哲豪
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
 
Kdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisKdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisBuland Singh
 
DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival GuideKernel TLV
 
MySQL InnoDB Cluster HA Overview & Demo
MySQL InnoDB Cluster HA Overview & DemoMySQL InnoDB Cluster HA Overview & Demo
MySQL InnoDB Cluster HA Overview & DemoKeith Hollman
 
Accelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesAccelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesDmitry Vostokov
 
Browsing Linux Kernel Source
Browsing Linux Kernel SourceBrowsing Linux Kernel Source
Browsing Linux Kernel SourceMotaz Saad
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDBRobert Stewart
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine  by Igor SkochinskySecret of Intel Management Engine  by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
 
EMC ScaleIO Overview
EMC ScaleIO OverviewEMC ScaleIO Overview
EMC ScaleIO Overviewwalshe1
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseStenio Ferreira
 

Was ist angesagt? (20)

Fuse- Filesystem in User space
Fuse- Filesystem in User space Fuse- Filesystem in User space
Fuse- Filesystem in User space
 
SIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin AnlamıSIEM - Varolan Verilerin Anlamı
SIEM - Varolan Verilerin Anlamı
 
Hashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs EnterpriseHashicorp Terraform Open Source vs Enterprise
Hashicorp Terraform Open Source vs Enterprise
 
Snort
SnortSnort
Snort
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 
Astricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and ProductionAstricon 2016 - Scaling ARI and Production
Astricon 2016 - Scaling ARI and Production
 
Linux Preempt-RT Internals
Linux Preempt-RT InternalsLinux Preempt-RT Internals
Linux Preempt-RT Internals
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
 
Kdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysisKdump and the kernel crash dump analysis
Kdump and the kernel crash dump analysis
 
DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival Guide
 
MySQL InnoDB Cluster HA Overview & Demo
MySQL InnoDB Cluster HA Overview & DemoMySQL InnoDB Cluster HA Overview & Demo
MySQL InnoDB Cluster HA Overview & Demo
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
Alfresco Records Management
Alfresco Records ManagementAlfresco Records Management
Alfresco Records Management
 
Accelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesAccelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slides
 
Terraform Basics
Terraform BasicsTerraform Basics
Terraform Basics
 
Browsing Linux Kernel Source
Browsing Linux Kernel SourceBrowsing Linux Kernel Source
Browsing Linux Kernel Source
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine  by Igor SkochinskySecret of Intel Management Engine  by Igor Skochinsky
Secret of Intel Management Engine by Igor Skochinsky
 
EMC ScaleIO Overview
EMC ScaleIO OverviewEMC ScaleIO Overview
EMC ScaleIO Overview
 
Hashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs EnterpriseHashicorp Vault Open Source vs Enterprise
Hashicorp Vault Open Source vs Enterprise
 

Ähnlich wie stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin

Simplest-Ownage-Human-Observed… - Routers
 Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersYury Chemerkin
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Andrew Case
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in ProductionGianluca Arbezzano
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Velocidex Enterprises
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Clustersmalltown
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...Lacework
 
Docker Security in Production Overview
Docker Security in Production OverviewDocker Security in Production Overview
Docker Security in Production OverviewDelve Labs
 
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Composeraccoony
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slidesDocker, Inc.
 
27.2.10 lab extract an executable from a pcap
27.2.10 lab   extract an executable from a pcap27.2.10 lab   extract an executable from a pcap
27.2.10 lab extract an executable from a pcapFreddy Buenaño
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and morepanagenda
 
CERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8sCERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8sBelmiro Moreira
 
SANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management DatabasesSANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management DatabasesPhil Hagen
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersNéstor Salceda
 
Basic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsBasic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsMarian Marinov
 
10 things i wish i'd known before using spark in production
10 things i wish i'd known before using spark in production10 things i wish i'd known before using spark in production
10 things i wish i'd known before using spark in productionParis Data Engineers !
 

Ähnlich wie stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin (20)

Simplest-Ownage-Human-Observed… - Routers
 Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)
 
Security Tips to run Docker in Production
Security Tips to run Docker in ProductionSecurity Tips to run Docker in Production
Security Tips to run Docker in Production
 
Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
Top ESXi command line v2.0
Top ESXi command line v2.0Top ESXi command line v2.0
Top ESXi command line v2.0
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
 
Docker Forensics
Docker ForensicsDocker Forensics
Docker Forensics
 
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
 
Docker Security in Production Overview
Docker Security in Production OverviewDocker Security in Production Overview
Docker Security in Production Overview
 
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
파이썬 개발환경 구성하기의 끝판왕 - Docker Compose
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
27.2.10 lab extract an executable from a pcap
27.2.10 lab   extract an executable from a pcap27.2.10 lab   extract an executable from a pcap
27.2.10 lab extract an executable from a pcap
 
Webinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and moreWebinar: Automate IBM Connections Installations and more
Webinar: Automate IBM Connections Installations and more
 
CERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8sCERN OpenStack Cloud Control Plane - From VMs to K8s
CERN OpenStack Cloud Control Plane - From VMs to K8s
 
SANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management DatabasesSANS @Night There's Gold in Them Thar Package Management Databases
SANS @Night There's Gold in Them Thar Package Management Databases
 
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software CraftersImplementing Active Security with Sysdig Falco - Barcelona Software Crafters
Implementing Active Security with Sysdig Falco - Barcelona Software Crafters
 
Basic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsBasic presentation of cryptography mechanisms
Basic presentation of cryptography mechanisms
 
10 things i wish i'd known before using spark in production
10 things i wish i'd known before using spark in production10 things i wish i'd known before using spark in production
10 things i wish i'd known before using spark in production
 

Kürzlich hochgeladen

AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAlluxio, Inc.
 
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...Alluxio, Inc.
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabbereGrabber
 
Agnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in KrakówAgnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in Krakówbim.edu.pl
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfMehmet Akar
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfFurqanuddin10
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAlluxio, Inc.
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024Shane Coughlan
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfmbmh111980
 
How to pick right visual testing tool.pdf
How to pick right visual testing tool.pdfHow to pick right visual testing tool.pdf
How to pick right visual testing tool.pdfTestgrid.io
 
SQL Injection Introduction and Prevention
SQL Injection Introduction and PreventionSQL Injection Introduction and Prevention
SQL Injection Introduction and PreventionMohammed Fazuluddin
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...rajkumar669520
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Gáspár Nagy
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfQ-Advise
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignNeo4j
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...naitiksharma1124
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Soroosh Khodami
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024vaibhav130304
 
A Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data MigrationA Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data MigrationHelp Desk Migration
 

Kürzlich hochgeladen (20)

AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
 
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...
 
How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabber
 
Agnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in KrakówAgnieszka Andrzejewska - BIM School Course in Kraków
Agnieszka Andrzejewska - BIM School Course in Kraków
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdf
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdf
 
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAGAI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
AI/ML Infra Meetup | Reducing Prefill for LLM Serving in RAG
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
 
How to pick right visual testing tool.pdf
How to pick right visual testing tool.pdfHow to pick right visual testing tool.pdf
How to pick right visual testing tool.pdf
 
SQL Injection Introduction and Prevention
SQL Injection Introduction and PreventionSQL Injection Introduction and Prevention
SQL Injection Introduction and Prevention
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by Design
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024
 
A Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data MigrationA Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data Migration
 

stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin