Abstract
With the exponential growth of digital data, it is becoming increasingly popular to store data in shared distributed storage systems inside the same organization. In such shared distributed storage systems, an ordinary user usually does not have control permission over the whole system, and thus cannot secure the storage or sharing of his own files. To solve this issue, this paper proposes a new system architecture for securing file storage and sharing efficiently over untrusted shared storage and network environments. Based on this architecture, this paper designs and implements a stackable secure storage system called Corslet. Corslet can run directly on deployed underlying storage systems without modification, while providing end-to-end confidentiality and integrity as well as efficient access control for user data. For individual users, Corslet is easy to use and does not require them to maintain or manage any keys locally on their client machines. The Bonnie++ and IOzone benchmark results show that the throughput of Corslet over NFS can achieve more than 90% of native NFS throughput in most tests, proving that Corslet can provide enhanced security for user data while maintaining acceptable performance.
Cite this article
Xue, W., Shu, J., Liu, Y. et al. Corslet: A shared storage system keeping your data private. Sci. China Inf. Sci. 54, 1119–1128 (2011). https://doi.org/10.1007/s11432-011-4259-y
DOI: https://doi.org/10.1007/s11432-011-4259-y