We propose a practical and efficient method for adding security to network-attached disks (NADs). In contrast to previous work, our design requires no changes to the data layout on disk, minimal changes to existing NADs, and only small changes to the standard protocol for accessing remote block-based devices. Thus, existing NAD file systems and storage-management software could incorporate our scheme very easily. Our design enforces security using the well-known idea of self-describing capabilities, with two novel features that limit the need for memory on secure NADs: a scheme to manage revocations based on capability groups, and a replay-detection method using Bloom filters. We have implemented a prototype NAD file system, called Snapdragon, that incorporates our ideas. We evaluated Snapdragon's performance and scalability. The overhead of access control is small: latency for reads and writes increases by less than 0.5 ms (5%), while bandwidth decreases by up to 16%. The aggregate throughput scales linearly with the number of NADs (up to 7 in our experiments).