|
FAST 2002 Abstract
Strong Security for Network-Attached Storage
Ethan L. Miller,
University of California, Santa Cruz;
William E. Freeman,
TRW;
Darrell D. E. Long,
University of California, Santa Cruz;
Benjamin C. Reed,
IBM Research
Abstract
We have developed a scheme to secure network-attached
storage systems against many types of attacks.
Our system uses strong cryptography to hide data from
unauthorized users; someone gaining complete access to
a disk cannot obtain any useful data from the system, and
backups can be done without allowing the super-user access
to cleartext. While insider denial-of-service attacks
cannot be prevented (an insider can physically destroy
the storage devices), our system detects attempts to forge
data. The system was developed using a raw disk, and
can be integrated into common file systems.
All of this security can be achieved with little penalty
to performance. Our experiments show that, using a relatively
inexpensive commodity CPU attached to a disk,
our system can store and retrieve data with virtually no
penalty for random disk requests and only a 15-20% performance
loss over raw transfer rates for sequential disk
requests. With such a minor performance penalty, there
is no longer any reason not to include strong encryption
and authentication in network file systems.
- View the full text of this paper in
PDF. Until January 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
