Building secure file systems out of byzantine storage

Published: 21 July 2002
DOI: 10.1145/571825.571840

ABSTRACT

This paper shows how to implement a trusted network file system on an untrusted server. While cryptographic storage techniques exist that allow users to keep data secret from untrusted servers, this work concentrates on the detection of tampering attacks and stale data. Ideally, users of an untrusted storage server would immediately and unconditionally notice any misbehavior on the part of the server. This ideal is unfortunately not achievable. However, we define a notion of data integrity called fork consistency in which, if the server delays just one user from seeing even a single change by another, the two users will never again see one another's changes---a failure easily detectable with on-line communication. We give a practical protocol for a multi-user network file system called SUNDR, and prove that SUNDR offers fork consistency whether or not the server obeys the protocol.
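The fork-consistency property described in the abstract can be illustrated with a small model. This is an added example, not code from the paper and not the SUNDR protocol itself: it assumes each client keeps a hash chain over the operations the server has shown it, and that two clients compare chains over an out-of-band channel. The names `Client`, `extend`, `check_views` and the operation strings are hypothetical.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed common starting digest for every client


def extend(head: bytes, op: str) -> bytes:
    """Chain one operation onto a history digest."""
    return hashlib.sha256(head + op.encode()).digest()


class Client:
    """Tracks the digest of every history prefix the server has shown this user."""

    def __init__(self, name: str):
        self.name = name
        self.heads = [GENESIS]

    def observe(self, ops):
        """Record operations in the order the server presented them."""
        for op in ops:
            self.heads.append(extend(self.heads[-1], op))


def check_views(a: Client, b: Client) -> str:
    """Out-of-band comparison of two clients' views.

    A client that is merely behind holds a prefix of the other's history.
    If neither history is a prefix of the other, the server showed the two
    clients different orders of events, i.e. it forked them.
    """
    shorter, longer = sorted((a.heads, b.heads), key=len)
    return "consistent" if longer[len(shorter) - 1] == shorter[-1] else "forked"


def demo():
    # Constructed scenario: the operation strings are sample data.
    alice, bob = Client("alice"), Client("bob")
    for c in (alice, bob):
        c.observe(["alice: write /a v1"])
    before = check_views(alice, bob)

    # The server hides alice's second write from bob, who then acts on the stale view.
    alice.observe(["alice: write /a v2"])
    bob.observe(["bob: write /b v1"])

    # Showing both clients the same later operation does not re-join the chains.
    for c in (alice, bob):
        c.observe(["alice: write /c v1"])
    return before, check_views(alice, bob)
```

Once the two chains diverge, every later digest depends on the divergent one, so the mismatch persists until the clients compare views.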

Published in

PODC '02: Proceedings of the twenty-first annual symposium on Principles of distributed computing
July 2002
307 pages
ISBN: 1581134851
DOI: 10.1145/571825

Copyright © 2002 ACM

Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

PODC '02 Paper Acceptance Rate: 43 of 149 submissions, 29%
Overall Acceptance Rate: 740 of 2,477 submissions, 30%
