Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
FAST 2002 Abstract

Strong Security for Network-Attached Storage

Ethan L. Miller, University of California, Santa Cruz; William E. Freeman, TRW; Darrell D. E. Long, University of California, Santa Cruz; Benjamin C. Reed, IBM Research

Abstract

We have developed a scheme to secure network-attached storage systems against many types of attacks. Our system uses strong cryptography to hide data from unauthorized users; someone gaining complete access to a disk cannot obtain any useful data from the system, and backups can be done without allowing the super-user access to cleartext. While insider denial-of-service attacks cannot be prevented (an insider can physically destroy the storage devices), our system detects attempts to forge data. The system was developed using a raw disk, and can be integrated into common file systems.

All of this security can be achieved with little penalty to performance. Our experiments show that, using a relatively inexpensive commodity CPU attached to a disk, our system can store and retrieve data with virtually no penalty for random disk requests and only a 15-20% performance loss over raw transfer rates for sequential disk requests. With such a minor performance penalty, there is no longer any reason not to include strong encryption and authentication in network file systems.

  • View the full text of this paper in PDF. Until January 2003, you will need your USENIX membership identification in order to access the full papers.
    The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.

  • If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.

  • To become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 27 Dec. 2001 ml
Technical Program
FAST 2002 Home
USENIX home