GPFS: A Shared-Disk File System for Large Computing Clusters
FAST '02 Proceedings of the Conference on File and Storage Technologies
Strong Security for Network-Attached Storage
FAST '02 Proceedings of the Conference on File and Storage Technologies
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Secrecy, authentication, and public key systems.
Secrecy, authentication, and public key systems.
Plutus: Scalable Secure File Sharing on Untrusted Storage
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Block-Level Security for Network-Attached Disks
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Secure untrusted data repository (SUNDR)
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Ceph: a scalable, high-performance distributed file system
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
PVFS: a parallel file system for linux clusters
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Quota enforcement for high-performance distributed storage systems
MSST '07 Proceedings of the 24th IEEE Conference on Mass Storage Systems and Technologies
Stateless data concealment for distributed systems
Journal of Computer and System Sciences
Scalable security for petascale parallel file systems
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
Pergamum: replacing tape with energy efficient, reliable, disk-based archival storage
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Scalable performance of the Panasas parallel file system
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Gordon: using flash memory to build fast, power-efficient clusters for data-intensive applications
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Airavat: security and privacy for MapReduce
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
The Hadoop Distributed File System
MSST '10 Proceedings of the 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST)
Hybrid checkpointing using emerging nonvolatile memories for future exascale systems
ACM Transactions on Architecture and Code Optimization (TACO)
Horus: fine-grained encryption-based security for high performance petascale storage
Proceedings of the sixth workshop on Parallel Data Storage
New directions in cryptography
IEEE Transactions on Information Theory
Key management approaches to offer data confidentiality for secure multicast
IEEE Network: The Magazine of Global Internetworking
| Hi-index | 0.00 |
With the growing use of large-scale distributed systems, the likelihood that at least one node is compromised is increasing. Large-scale systems that process sensitive data such as geographic data with defense implications, drug modeling, nuclear explosion modeling, and private genomic data would benefit greatly from strong security for their storage. Nevertheless, many high performance computing (HPC), cloud, or secure content delivery network (SCDN) systems that handle such data still store them unencrypted or use simple encryption schemes, relying heavily on physical isolation to ensure confidentiality, providing little protection against compromised computers or malicious insiders. Moreover, current encryption solutions cannot efficiently provide fine-grained encryption for large datasets. Our approach, Horus, encrypts large datasets using keyed hash trees (KHTs) to generate different keys for each region of the dataset, providing fine-grained security: the key for one region cannot be used to access another region. Horus also reduces key management and distribution overhead while providing end-to-end data encryption and reducing the need to trust system operators or cloud service providers. Horus requires little modification to existing systems and user applications. Performance evaluation shows that our prototype's key distribution is highly scalable and robust: a single key server can provide 140,000 keys per second, theoretically enough to sustain more than 100 GB/s I/O throughput, and multiple key servers can efficiently operate in parallel to support load balancing and reliability.