Check out the new USENIX Web site. next up previous
Next: Secure Co-Editing Up: Demonstration Applications Previous: Secure Whiteboard

Secure File Sharing

A rule followed in the Enclaves design is that, apart from group state information such as group key or group membership, each enclave is protected from other enclaves and the outside world in that nothing is shared until a group member explicitly introduces it into the group.

Consequently, when an Enclaves group is formed, the group shares a virtual file system space that is in most cases initially empty. This file space can be thought as something like $GROUP_PATH/enclaves/ (where GROUP_PATH is a user-defined Unix shell variable) and may map to completely different positions within the file systems used by individual group members. In fact, two members could locally use entirely different types of file systems. When a member introduces a directory from his local file system into the group, the subtree becomes available to all group members. The availability of individual files depends on the protection bits on each file.

When a file is explicitly introduced into the group, a reference is entered into a shared-file list (i.e., the virtual file space in Enclaves) at every member's site. The file now is available for other group members (including the leader) to access. A member can click on the entry to access the file (e.g., view a gif file or edit a text file). Because the group leader coordinates all changes to shared files, the leader has the most up-to-date version. Thus, the open request is serviced by the leader, not by the member who originally introduced the file. This design choice can be changed, depending on the actual group structure.



Li Gong
Fri May 17 15:07:56 PDT 1996
?Need help? Use our Contacts page.

Last changed: 1 May 2002 aw
Conference Index
USENIX home