With the advent of NFS version 4, NFS security is more important than ever. This is because a main goal of the NFSv4 protocol is suitability for use on the Internet, whereas previous versions were used mainly on private networks. To address these security concerns, the NFSv4 protocol utilizes the RPCSEC_GSS protocol and allows clients and servers to negotiate security at mount time. However, this provides privacy only while data is traveling over the wire. We believe that file servers accessible over the Internet should contain only encrypted data. We present a round-trip privacy scheme for NFSv4, where clients encrypt file data for write requests, and decrypt the data for read requests. The data stored by the server on behalf of the clients is encrypted. This helps ensure privacy if the server or storage is stolen or compromised. As the NFSv4 protocol was designed with extensibility, it is the ideal place to add round-trip privacy. In addition to providing a higher level of security than only over-the-wire encryption, our technique is more efficient, as the server is relieved from performing encryption and decryption. We developed a prototype of our round-trip privacy scheme. In our performance evaluation, we saw throughput increases of up to 24%, as well as good scalability.