Securing distributed storage: Challenges, techniques, and systems

StorageSS'05 - Proceedings of the 2005 ACM Workshop on Storage Security and Survivability

Volumn , Issue , 2005, Pages 9-25

  Kher, Vishal ^a   Kim, Yongdae ^a  

^a UNIVERSITY OF MINNESOTA   (United States)

Author keywords

Authorization; Confidentiality; Integrity; Intrusion detection; Privacy

Indexed keywords

AUTHORIZATION; CONFIDENTIALITY; INTEGRITY; INTRUSION DETECTION; PRIVACY;

DATA STORAGE EQUIPMENT; DISTRIBUTED COMPUTER SYSTEMS; LAWS AND LEGISLATION;

SECURITY OF DATA;

EID: 33244454312     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1103780.1103783     Document Type: Conference Paper

References (81)

1. The clam antivirus toolkit, http://www.clamav.net.
2. The Directive 2002/58/EC of the European Parliament and of the Council. http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/1_201/1_20120020731en00%370047. pdf.
3. The Health Insurance Portability and Accountability Act. http://www.hipaa.org/.
4. The IEEE Security in Storage Working Group. http://siswg.org.
5. Design Criteria Standard for Electronic Records Management Software Applications (DoD 5015.2-STD). http://www.dtic.mil/whs/directives/corres/html/ 50152std.htm, 2002.
6. The Sarbanes-Oxley Act of 2002. http://news.findlaw.com/hdocs/docs/ gwbush/sarbanesoxley072302.pdf, 2002.
7. K. S. Amiri. Scalable and Manageable Storage Systems. PhD thesis, CMU, December 2000.
8. S. Axelsson. Intrusion detection systems: A survey and taxonomy. White Paper, Chalmers University, Sweden, 2000.
9. A. Azagury, R. Canetti, M. Factor, S. Halevi, E. Henis, D. Naor, N. Rinetzky, O. Rodeh, and J. Satran. A two layered approach for securing an object store network. In SISW, December 2002.
10. D. Beaver. Network security and storage security: Symmetries and symmetry-breaking. In Proceedings of the IEEE Security In Storage Workshop, 2002.
11. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash function for message authentication. Proceedings of CRYPTO, 1996.
12. M. Blaze. A cryptographic file system for UNIX. In Proceedings of the 1st ACM Conference on Communications and Computing Security.
13. M. Blaze. Key management in an encrypting file system, In Proceedings of Summer 1994 USENIX Technical Conference.
14. D. Boneh, G. Crescenzo, R. Ostrovsky, and G. Persiano. Public-key encryption with keyword search. In Proceedings of Eurocrypt, 2004.
15. E. Z. Charles P. Wright, Michael C. Martino. Ncryptfs: A secure and convenient cryptographic file system. In USENIX Annual Technical Conference, June 2003.
16. File integrity checkers. http://ww.serverfiles.com/Network-security- software/File-integrity-checkers/date/.
17. M. Corporation. Encrypting File System for Windows 2000. White Paper, July 1999.
18. M. Corporation. Encrypting file system in Windows XP and Windows Server 2003, August 2002. http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ cryptfs.ms%px.
19. D. E. Denning, M. Bellare, S. Goldwasser, and E. R. Verheul. Descriptions of Key Escrow Systems. http://www.cosc.georgetown.edu/~denning/crypto/Appendix. html, February 1997.
20. D. E. Denning and D. K. Branstad. A taxonomy for key escrow encryption systems. Communications of the ACM, 39(3), 1996.
21. R. C. Dowdeswell and J. Ioannidis. The CryptoGraphic Disk Driver. In Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference, June 2003.
22. M. Dworkin. Recommendation for block cipher modes of operation. In Special Publication 800-38A, NIST, 2001.
23. M. Eisler. LIPKEY - a low infrastructure public key mechanism using SPKM. RFC 2847, June 2000.
24. M. Eisler, A. Chiu, and L. Ling. RPCSEC_GSS protocol specification. RFC 2203, September 1997.
25. A. O. Freier, P. Karlton, and P. C. Kocher. The SSL Protocol Version 3.0. Internet Draft (draft-freier-ssl-version3-02.txt), Networking Group, March 1996. http://wp.netscape.com/eng/ssl3/ssl-toc.html.
26. K. Fu. Group sharing and random access in cryptographic storage file system. Master's thesis, MIT, 1999 June.
27. K. Fu, F. Kaashoek, and D. Mazières. Fast and secure distributed read-only file system. Proceedings ACM Transactions on Computer Systems, 20(1):1-24, February 2002.
28. M. G. S. H. Giuseppe Ateniese, Kevin Fu. Improved proxy re-encryption schemes with applications to secure distributed storage. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), February 2005.
29. A. D. S. Giuseppe Cattaneo, Luigi Catuogno and P. Persiano. Design and implementation of a transparent cryptographic file system for UNIX. In FREENIX Track: 2001 USENIX Annual Technical Conference, June 2001.
30. H. Gobiof. Security for high performance commodity subsystem. PhD thesis, CMU, July 1999.
31. H. Gobioff, G. Gibson, and D. Tygar. Security for network attached storage devices. Technical report, Carnegie Mellon University, 1997.
32. E. Goh, H. Shacham, N. Modadugu, and D. Boneh. SiRiUS: Securing Remote Untrusted Storage. In Proceedings of the Tenth Network and Distributed Systems Security (NDSS) Symposium, pages 131-145, February 2003.
33. E.-J. Goh. Secure indexes. Cryptology ePrint Archive, Report 2003/216, 2003. http://eprint.iacr.org/2003/216/.
34. P. Gutmann. Secure FileSystem (SFS), September 1996. http://www.cs. auckland.ac.nz/~pgut001/sfs.
35. K. Hildrum, J. Kubiatowicz, S. Rao, and B. Zhao. Distributed object location in a dynamic network. In Proceedings of ACM Symposium on Parallel Algorithms and Architectures (SPAA), 2002.
36. J. Howard. An overview of the andrew file system. In Proceedings of the USENIX Winter Technical Conference, Dallas, TX, February 1998.
37. C. F. J. Hughes, Architecture of the secure file system, In Proceedings of the Eighteenth IEEE Symposium on Mass Storage Systems, April 2001.
38. Jetico. BestCrypt. http://www.jetico.com/download.htm.
39. J. Kaiser and M. Reichenbach. Evaluating security tools towards usable security: A usability taxonomy for the evaluation of security tools based on a categorization of user errors. Technical report, Usability, 2002.
40. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. Plutus -scalable secure file sharing on untrusted storage. In USENIX File and Storage Technologies (FAST), 2003.
41. M. Kaminsky, G. Savvides, D. Mazieŕes, and M. F. Kaashoek. Decentralized user authentication in a global file system. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, 2003.
42. A. Kent and R. Atkinson. Security architecture for the Internet protocol. RFC 2401, Network Working Group, November 1998. http://www.ietf.org/rfc/ rfc2401.txt.
43. V. Kher and Y. Kim. Decentralized authentication mechanisms for object-based storage devices. In IEEE SISW, October 2003.
44. G. H. Kim and E. H. Spafford. The design and implementation of Tripwire: A file system integrity checker. In ACM Conference on Computer and Communications Security, 1994.
45. J. Kubiatowicz, D. Bindel, Y. Chen, P. Eaton, D. Geels, R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao. Oceanstore: An architecture for global-scale persistent storage. In Proceedings of ACM ASPLOS. ACM, November 2000.
46. J. Li, M. Krohn, D. Mazires, and D. Shasha. Secure untrusted data repository (SUNDR). In OSDI, December 2004.
47. J. Linn. Generic security service application program interface. Request for Comments 1508, September 1993.
48. J. Linn. The kerberos version 5 GSS-API mechanism. RFC 1964, June 1996.
49. D. Mazières. Self-certifying file system. PhD thesis, MIT, May 2000.
50. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, October 1996.
51. R. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, 1987.
52. S. Microsystems. RFC: Remote procedure call. Request for Comments 1050, April 1998.
53. E. Miller, D. Long, W. Freeman, and B. Reed. Strong security for distributed file systems. In Proceedings of the Conference on File and Storage Technologies (FAST 2002), pages 1-13, January 2002.
54. S. Miltchev, V. Prevelakis, S. Ioannidis, J. Ioannidis, A. Keromytis, and J. Smith. Secure and flexible global file sharing. In Proceedings of the USENIX Technical Annual Conference, Freenix Track, 2003.
55. Y. Miretskiy, A. Das, C. Wright, and E. Zadok. Avfs: An on-access anti-virus file system. In Proceedings of the 13th USENIX Security Symposium, 2004.
56. D. Naor, M. Naor, and J. Lotspiech. Revocation and tracing schemes for stateless receivers. In Proceedings of Crypto, volume 2139, pages 41-62, August 2001.
57. B. C. Neumann and T. Ts'o. Kerberos: An authentication service for computer networks. IEEE Communications, 32(9):33-38, September 1994.
58. OpenAFS, open source version of AFS. http://wvw.openafs.org.
59. Information technology - SCSI Object-Based Storage Device Commands -2 (OSD-2). T10 Working Draft, October 2004. http://www.t10.org/ftp/t10/drafts/ osd2/osd2r00.pdf.
60. B. Pawlowski, S. Shepler, C. Beame, B. Callaghan, M. Eisler, D. Noveck, D. Robinson, and R. Thurlow. The NFS version 4 protocol. SANE 2000, May 2000.
61. A. Pennington, J. Strunk, J. Griffin, C. Soules, G. Goodson, and G. Ganger. Storage-based intrusion detection: Watching storage activity for suspicious behavior, In 12th USENIX Security Symposium, Washington, D.C., August 2003.
62. PGPdisk. http://www.pgpi.org/products/pgpdisk/.
63. Draft standard for information technology - portable operating system interface (POSIX) - amendment: Protection, audit and control interfaces. Portable Applications Standards Committee (PASC), November 1992.
64. N. Provos. Encrypting virtual memory. In Proceedings of the 9th USENIX Security Symposium, August 2000.
65. T. Rabin. A simplified approach to threshold and proactive RSA. In Proceedings of Crypto, 1998.
66. B. Reed, E. Chron, R. Burns, and D. D. E. Long. Authenticating network attached storage. IEEE Micro, 20(1):49-57, January 2000.
67. B. C. Reed, M. A. Smith, and D. Diklic. Security considerations when designing a distributed file system using object storage devices. In SISW, December 2002.
68. S. Rhea, P. Eaton, D. Geels, H. Weatherspoon, B. Zhao, and J. Kubiatowicz. Pond: The oceanstore prototype. In Proceedings of the USENIX File and Storage Technologies Conference (FAST), 2003.
69. E. Riedel, M. Kallahalla, and R. Swaminathan. A framework for evaluating storage system security. In Proceedings of the Conference on File and Storage Technology, January 2002.
70. M. Satyanarayanan. Integrating security in a large distributed system. ACM Transactions on Computer Systems, 7(3):247-280, 1989.
71. M. Satyanarayanan. Scalable, secure, and highly available distributed file access. IEEE Computer, 23(5), May 1990.
72. M. Satyanarayanan. A survey of distributed file systems. Annual Review of Computer Science, 1990.
73. A. Shamir. How to share a secret. Comm. ACM, 24(11), November 1979.
74. S. Shepler, B. Callaghan, D. Robinson, R. Thurlow, C. Beame, M. Eisler, and D. Noveck. NFS version 4 protocol. RFC 3530, April 2003.
75. J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger. Self-Securing storage: Protecting data in compromised systems. In OSDI, October 2000.
76. The NFS distributed file service. A White Paper from SunSoft, November 1995.
77. E. Swank. SecureDrive. http://www.stack.nl/~galactus/remailers/ securedrive.html.
78. B. Taylor and D. Goldberg. Secure networking in the sun environment, In Proceedings of the Summer Usenix Conference, 1986.
79. A. Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In 8th USENIX Security Symposium, 1999.
80. S. Winter. Sentry, http://www.softwinter.com/documentation/nt/sentry_2. htm.
81. T. Wu. The secure remote password protocol. In Proceedings of the Network and Distributed System Security Symposium, 1998.