We propose a practical and efficient method for adding security to network-attached disks (NADs). In contrast to previous work, our design requires no changes to the data layout on disk, minimal changes to existing NADs, and only small changes to the standard protocol for accessing remote block-based devices. Thus, existing NAD file systems and storage-management software could incorporate our scheme very easily. Our design enforces security using the well-known idea of self-describing capabilities, with two novel features that limit the need for memory on secure NADs: a scheme to manage revocations based on capability groups, and a replay-detection method using Bloom filters.

We have implemented a prototype NAD file system, called Snapdragon, that incorporates our ideas. We evaluated Snapdragon's performance and scalability. The overhead of access control is small: latency for reads and writes increases by less than 0.5 ms (5%), while bandwidth decreases by up to 16%. The aggregate throughput scales linearly with the number of NADs (up to 7 in our experiments).