Title :
Trusted Platform Based Linux File Access Control
Author :
Guang-liang Guo;Quan Qian
Author_Institution :
Sch. of Comput. Eng. &
Abstract :
A file access control system based on a trusted computing platform is presented in this paper. First, it controls not only user access but also the access process, which can effectively protect secret documents. Second, it transparently stores secret files on disk as ciphertext, which does not affect users' operating habits. Internally, it uses the TPM data sealing operation to store and manage the encryption and decryption keys securely. Meanwhile, the Intel AES-NI extended instruction set is used to perform encryption/decryption, which can improve performance greatly. Finally, the experiment shows that the main performance impact is the TPM key loading process, and for a 10MB file the time consumption is less than 0.2 seconds, which basically meets common user requirements in most cases.
Keywords :
"Encryption","Access control","Linux","Hardware","Instruction sets","Computers"
Conference_Title :
Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
DOI :
10.1109/CIT/IUCC/DASC/PICOM.2015.207