Building secure file systems out of Byzantine storage

David Mazières, Dennis Shasha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper shows how to implement a trusted network file system on an untrusted server. While cryptographic storage techniques exist that allow users to keep data secret from untrusted servers, this work concentrates on the detection of tampering attacks and stale data. Ideally, users of an untrusted storage server would immediately and unconditionally notice any misbehavior on the part of the server. This ideal is unfortunately not achievable. However, we define a notion of data integrity called fork consistency in which, if the server delays just one user from seeing even a single change by another, the two users will never again see one another's changes-a failure easily detectable with on-line communication. We give a practical protocol for a multi-user network file system called SUNDR, and prove that SUNDR offers fork consistency whether or not the server obeys the protocol.

Original languageEnglish (US)
Title of host publicationProceedings of the Annual ACM Symposium on Principles of Distributed Computing
Pages108-117
Number of pages10
StatePublished - 2002
EventProceedings of the Twenty - First Annual ACM Symposium on Principles of Distributed Computing PODC 2002 - Monterey, CA, United States
Duration: Jul 21 2002Jul 24 2002

Other

OtherProceedings of the Twenty - First Annual ACM Symposium on Principles of Distributed Computing PODC 2002
CountryUnited States
CityMonterey, CA
Period7/21/027/24/02

Fingerprint

Servers
Network protocols
Communication

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture

Cite this

Mazières, D., & Shasha, D. (2002). Building secure file systems out of Byzantine storage. In Proceedings of the Annual ACM Symposium on Principles of Distributed Computing (pp. 108-117)

Building secure file systems out of Byzantine storage. / Mazières, David; Shasha, Dennis.

Proceedings of the Annual ACM Symposium on Principles of Distributed Computing. 2002. p. 108-117.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Mazières, D & Shasha, D 2002, Building secure file systems out of Byzantine storage. in Proceedings of the Annual ACM Symposium on Principles of Distributed Computing. pp. 108-117, Proceedings of the Twenty - First Annual ACM Symposium on Principles of Distributed Computing PODC 2002, Monterey, CA, United States, 7/21/02.
Mazières D, Shasha D. Building secure file systems out of Byzantine storage. In Proceedings of the Annual ACM Symposium on Principles of Distributed Computing. 2002. p. 108-117
Mazières, David ; Shasha, Dennis. / Building secure file systems out of Byzantine storage. Proceedings of the Annual ACM Symposium on Principles of Distributed Computing. 2002. pp. 108-117
@inproceedings{6a1ef5723a1a401fa92964c637c98bd8,
title = "Building secure file systems out of Byzantine storage",
abstract = "This paper shows how to implement a trusted network file system on an untrusted server. While cryptographic storage techniques exist that allow users to keep data secret from untrusted servers, this work concentrates on the detection of tampering attacks and stale data. Ideally, users of an untrusted storage server would immediately and unconditionally notice any misbehavior on the part of the server. This ideal is unfortunately not achievable. However, we define a notion of data integrity called fork consistency in which, if the server delays just one user from seeing even a single change by another, the two users will never again see one another's changes-a failure easily detectable with on-line communication. We give a practical protocol for a multi-user network file system called SUNDR, and prove that SUNDR offers fork consistency whether or not the server obeys the protocol.",
author = "David Mazi{\`e}res and Dennis Shasha",
year = "2002",
language = "English (US)",
pages = "108--117",
booktitle = "Proceedings of the Annual ACM Symposium on Principles of Distributed Computing",

}

TY - GEN

T1 - Building secure file systems out of Byzantine storage

AU - Mazières, David

AU - Shasha, Dennis

PY - 2002

Y1 - 2002

N2 - This paper shows how to implement a trusted network file system on an untrusted server. While cryptographic storage techniques exist that allow users to keep data secret from untrusted servers, this work concentrates on the detection of tampering attacks and stale data. Ideally, users of an untrusted storage server would immediately and unconditionally notice any misbehavior on the part of the server. This ideal is unfortunately not achievable. However, we define a notion of data integrity called fork consistency in which, if the server delays just one user from seeing even a single change by another, the two users will never again see one another's changes-a failure easily detectable with on-line communication. We give a practical protocol for a multi-user network file system called SUNDR, and prove that SUNDR offers fork consistency whether or not the server obeys the protocol.

AB - This paper shows how to implement a trusted network file system on an untrusted server. While cryptographic storage techniques exist that allow users to keep data secret from untrusted servers, this work concentrates on the detection of tampering attacks and stale data. Ideally, users of an untrusted storage server would immediately and unconditionally notice any misbehavior on the part of the server. This ideal is unfortunately not achievable. However, we define a notion of data integrity called fork consistency in which, if the server delays just one user from seeing even a single change by another, the two users will never again see one another's changes-a failure easily detectable with on-line communication. We give a practical protocol for a multi-user network file system called SUNDR, and prove that SUNDR offers fork consistency whether or not the server obeys the protocol.

UR - http://www.scopus.com/inward/record.url?scp=0036953818&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0036953818&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:0036953818

SP - 108

EP - 117

BT - Proceedings of the Annual ACM Symposium on Principles of Distributed Computing

ER -