Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A cost-effective, high-bandwidth storage architecture
Proceedings of the eighth international conference on Architectural support for programming languages and operating systems
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
OceanStore: an architecture for global-scale persistent storage
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Handbook of Applied Cryptography
Handbook of Applied Cryptography
LegionFS: a secure and scalable file system supporting cross-domain high-performance applications
Proceedings of the 2001 ACM/IEEE conference on Supercomputing
Strong Security for Network-Attached Storage
FAST '02 Proceedings of the Conference on File and Storage Technologies
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Farsite: federated, available, and reliable storage for an incompletely trusted environment
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Block-Level Security for Network-Attached Disks
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Secure capabilities for a petabyte-scale object-based distributed file system
Proceedings of the 2005 ACM workshop on Storage security and survivability
SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
Scalable security for large, high performance storage systems
Proceedings of the second ACM workshop on Storage security and survivability
Scalable security for petascale parallel file systems
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
PKI Challenges: An Industry Analysis
Proceedings of the 2005 conference on Applied Public Key Infrastructure: 4th International Workshop: IWAP 2005
| Hi-index | 0.00 |
Petabyte-scale file systems are often extremely large, containing gigabytes or terabytes of data that can be spread across hundreds or thousands of storage devices. Hence, the cost of security operations can be very high. Recent security proposals for large-scale file systems have been focussing on the use of hybrid symmetric and asymmetric key cryptographic techniques, in order to strive for a balance between security and performance. However, key management issues, such as distribution, renewal and revocation of keys, have not been explicitly addressed. In this paper, we first show that key management can be very challenging and costly in large-scale systems, and can have significant impact on the scalability of the systems. We then propose a file system security architecture which makes use of lightweight key management techniques. Our approach not only addresses essential key management concerns, it also improves existing proposals with stronger security and better usability.