Secure File and Storage Systems
Description
We are investigating the use of strong authentication, encryption, and other mechanisms to safeguard data stored in network-attached storage systems and long-term archival storage systems. Adding security to large storage systems presents a serious challenge to scalability that we are addressing with the use of aggregate capabilities. We are also exploring protocols to verify remote storage and formal verification of secure network-attached storage.
Status
We have integrated security into the Ceph prototype. Our approach to security in Ceph allows secure access by hundreds of thousands of clients to a single file spread across tens of thousands of object-based storage devices without taxing the metadata servers or any other part of the system. The prototype implementation we developed imposes only a 6–7% overhead on a metadata-heavy workload involving file opens spread across hundreds of clients. We next plan to investigate the potential for including encryption and other strong security measures in Ceph.
We are also implementing a secure long-term archival storage system, POTSHARDS, that does not rely on encryption, instead using secret splitting and approximate pointers to keep data hidden. The archival storage project page has more details on POTSHARDS.
Publications
- Mark W. Storer, Kevin Greenan, Darrell D. E. Long, Ethan L. Miller, Secure Data Deduplication, Proceedings of the 4th International Workshop on Storage Security and Survivability (StorageSS 2008), held in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS 2008), October 2008.
- Andrew Leung, Ethan L. Miller, Stephanie Jones, Scalable Security for Petascale Parallel File Systems, Proceedings of SC '07, November 2007.
- Neerja Bhatnagar, Ethan L. Miller, A Secure and Reliable File System for Sensor Nodes, Proceedings of the 3rd International Workshop on Storage Security and Survivability (StorageSS 2007), held in conjunction with the 14th ACM Conference on Computer and Communications Security (CCS 2007), October 2007.
- Kristal Pollack, Darrell D. E. Long, Richard Golding, Ralph Becker-Szendy, Benjamin C. Reed, Quota Enforcement for High-Performance Distributed Storage Systems, Proceedings of the 24th IEEE Conference on Mass Storage Systems and Technologies (MSST 2007), September 2007, pages 72-84.
- Kevin Greenan, Ethan L. Miller, Thomas Schwarz, Analysis and Construction of Galois Fields for Efficient Storage Reliability, Technical Report UCSC-SSRC-07-09, August 2007. Revised version published in MASCOTS 2008.
- Mark W. Storer, Kevin Greenan, Ethan L. Miller, Kaladhar Voruganti, POTSHARDS: Secure Long-Term Storage Without Encryption, Proceedings of the 2007 USENIX Technical Conference, June 2007. [slides]
- Andrew Leung, Scalable Security for High Performance, Petascale Storage, Technical Report UCSC-SSRC-07-07, June 2007.
- Andrew Leung, Ethan L. Miller, Scalable Security for Large, High Performance Storage Systems, Proceedings of the 2nd ACM Workshop on Storage Security and Survivability (StorageSS 2006), October 2006.
- Mark W. Storer, Kevin Greenan, Ethan L. Miller, Long-Term Threats to Secure Archives, Proceedings of the 2nd ACM Workshop on Storage Security and Survivability (StorageSS 2006), October 2006.
- Mark W. Storer, Kevin Greenan, Ethan L. Miller, Kaladhar Voruganti, POTSHARDS: Secure Long-Term Archival Storage Without Encryption, Technical Report UCSC-SSRC-06-03, Storage Systems Research Center, University of California, Santa Cruz, September 2006. Later version published in USENIX 2007.
- Avik Chaudhuri, Martín Abadi, Formal Analysis of Dynamic, Distributed File-System Access Controls, Proceedings of the 26th IFIP WG6.1 International Conference on Formal Methods for Networked and Distributed Systems (FORTE '06), September 2006, pages 99-114.
- Thomas Schwarz, Ethan L. Miller, Store, forget, and check: Using algebraic signatures to check remotely administered storage, Proceedings of the IEEE Int'l Conference on Distributed Computing Systems (ICDCS '06), July 2006. [slides]
- Avik Chaudhuri, Martín Abadi, Secrecy by Typing and File-Access Control, Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW '06), July 2006, pages 112-123.
- Mark W. Storer, Kevin Greenan, Ethan L. Miller, Carlos Maltzahn, POTSHARDS: Storing Data for the Long-Term Without Encryption, Proceedings of the 3rd International IEEE Security in Storage Workshop, December 2005.
- Christopher Olson, Ethan L. Miller, Secure Capabilities for a Petabyte-Scale Object-Based Distributed File System, Proceedings of the 2005 ACM Workshop on Storage Security and Survivability (StorageSS 2005), November 2005. Won Best Full Paper award.
- Avik Chaudhuri, Martín Abadi, Formal Security Analysis of Basic Network-Attached Storage, Proceedings of the 3rd ACM Workshop on Formal Methods in Security Engineering (FMSE'05), November 2005, pages 43-52.
- Geoff Kuenning, Ethan L. Miller, Anonymization Techniques for URLs and Filenames, Technical Report UCSC-CRL-03-05, September 2003.
- Scott Banachowski, Zachary Peterson, Ethan L. Miller, Scott A. Brandt, Intra-file security for a distributed file system, Proceedings of the 19th IEEE Symposium on Mass Storage Systems and Technologies, April 2002, pages 153-163.
- Ethan L. Miller, Darrell D. E. Long, William E. Freeman, Benjamin C. Reed, Strong Security for Network-Attached Storage, Proceedings of the 2002 Conference on File and Storage Technologies (FAST), January 2002, pages 1-13.
- Ethan L. Miller, Darrell D. E. Long, William E. Freeman, Benjamin C. Reed, Strong security for distributed file systems, Proceedings of the 20th IEEE International Performance, Computing and Communications Conference (IPCCC '01), April 2001, pages 34–40.
- William E. Freeman, Ethan L. Miller, Design for a decentralized security system for network-attached storage, Proceedings of the 17th IEEE Symposium on Mass Storage Systems and Technologies, March 2000, pages 361–373.
Last modified 16 Oct 2007