We propose T-Kernel/SS (Secure Storage), a secure file system with access control protection using tamper-resistant chip. The main feature of our system is to protect access control from policy enforcement violation even when the operating system is replaced or when disks are peeked or tampered physically. Our approach consists in protecting access control by doing sensitive operations on tamper-resistant hardware with access control capabilities. This method is considered a replacement for kernel reference monitor, which cannot enforce access control in situations where secure file systems are designed to protect data confidentiality. As a proof-of-concept, we implemented a secure file system with access control protection. Evaluation results show that our file system can ensure access control in secure file systems which is usable for applications that require this feature.
