A common challenge in fully distributed storage systems is the management of access rights to stored files. PACISSO is an efficient and scalable solution for distributed access control, applicable to systems consisting entirely of untrusted nodes. We give theoretical bounds on the cost of basic operations and include end-to-end measurements based on an implementation within a complete P2P object store named Celeste. All measurements showed efficient behavior that scales to very large numbers of users and objects. In more detail, our access control scheme requires only minimal trust in single peers. Write access control is carried out by a set of Gatekeeper nodes, which act on behalf of the file owner and assert authorization of write operations through a Byzantine-fault-tolerant protocol and a shared-signature scheme. While the same Gatekeepers assure read access to the latest written version through a new protocol, we adapt previous research on group key management to achieve scalable read access control. Our approach allows for reconstitution of the Gatekeepers at runtime, in effect making them self-organizing for changing object ownership, for establishing messaging services, and also for allowing users to determine the groups and objects to which they have access.