In this paper we propose two new constructions for protecting the integrity of files in cryptographic file systems. Our constructions are designed to exploit two characteristics of many file-system workloads, namely low entropy of file contents and high sequentiality of file block writes. At the same time, our approaches maintain the best features of the most commonly used algorithm today (Merkle trees), including defense against replay of stale (previously overwritten) blocks and a small, constant amount of trusted storage per file. Via implementations in the EncFS cryptographic file system, we evaluate the performance and storage requirements of our new constructions compared to those of Merkle trees. We conclude with guidelines for choosing the best integrity algorithm depending on typical application workload.