We have developed a scheme to secure network-attached storage systems against many types of attacks. Our system uses strong cryptography to hide data from unauthorized users; someone gaining complete access to a disk cannot obtain any useful data from the system, and backups can be done without allowing the super-user access to cleartext. While insider denial-of-service attacks cannot be prevented (an insider can physically destroy the storage devices), our system detects attempts to forge data. The system was developed using a raw disk, and can be integrated into common file systems. All of this security can be achieved with little penalty to performance. Our experiments show that, using a relatively inexpensive commodity CPU attached to a disk, our system can store and retrieve data with virtually no penalty for random disk requests and only a 15-20% performance loss over raw transfer rates for sequential disk requests. With such a minor performance penalty, there is no longer any reason not to include strong encryption and authentication in network file systems.