Secure File and Storage Systems
We are investigating the use of strong authentication, encryption, and other mechanisms to safeguard data stored in network-attached storage systems and long-term archival storage systems. Adding security to large storage systems presents a serious challenge to scalability that we are addressing with the use of aggregate capabilities. We are also exploring protocols to verify remote storage and formal verification of secure network-attached storage.
We have designed and implemented Horus, a system that offers fine-grained encryption-based security for large-scale storage. Horus encrypts large datasets using keyed hash trees (KHT) to generate different keys for each region of the dataset, providing fine-grained security. KHT also reduces key management and distribution overhead. The design of Horus provides end-to-end data encryption and can reduce the need to trust system operators or cloud service providers. Performance evaluation shows that our prototype’s key distribution is highly scalable and robust. There is a preliminary version of the library available for download.
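As an added illustration, not code from Horus itself, the following shows the kind of keyed-hash-tree derivation described above: a client holding only the key of an interior node can derive the keys of every block beneath it, but nothing outside that region. The branching factor, depth, HMAC-SHA256 construction and the sample root key are assumptions for this example.

```python
import hmac
import hashlib

BRANCH = 4  # children per tree node (assumed value for this example)
DEPTH = 3   # leaf level; BRANCH**DEPTH = 64 leaf regions of the dataset


def derive_child(parent_key: bytes, level: int, index: int) -> bytes:
    """Key of node (level, index), derived from its parent's key.
    Assumed construction: HMAC-SHA256 keyed by the parent over the coordinates,
    so sibling keys cannot be computed without the parent key."""
    msg = level.to_bytes(4, "big") + index.to_bytes(8, "big")
    return hmac.new(parent_key, msg, hashlib.sha256).digest()


def node_key(root_key: bytes, level: int, index: int) -> bytes:
    """Walk from the root down to (level, index); the root needs no derivation."""
    if level == 0:
        return root_key
    parent = node_key(root_key, level - 1, index // BRANCH)
    return derive_child(parent, level, index)


def leaf_key_from_subtree(subtree_key: bytes, sub_level: int,
                          sub_index: int, leaf_index: int) -> bytes:
    """Derive a leaf (per-region) key using only a delegated subtree key.
    Raises ValueError if the leaf lies outside the delegated region."""
    span = BRANCH ** (DEPTH - sub_level)          # leaves covered by the subtree
    if not sub_index * span <= leaf_index < (sub_index + 1) * span:
        raise ValueError("leaf outside delegated region")
    key = subtree_key
    for level in range(sub_level + 1, DEPTH + 1):
        key = derive_child(key, level, leaf_index // BRANCH ** (DEPTH - level))
    return key


def demo() -> bool:
    """Delegate the level-1 subtree 2 (leaves 32..47) and check the client
    reaches the same leaf key the root holder would, and nothing else."""
    root = b"constructed-root-key-for-demo"   # sample value, not a real key
    delegated = node_key(root, 1, 2)
    same = leaf_key_from_subtree(delegated, 1, 2, 35) == node_key(root, 3, 35)
    try:
        leaf_key_from_subtree(delegated, 1, 2, 10)
        blocked = False
    except ValueError:
        blocked = True
    return same and blocked


if __name__ == "__main__":
    print("delegation works as intended:", demo())
```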
We have integrated security into Ceph. Our approach to security in Ceph allows secure access by hundreds of thousands of clients to a single file spread across tens of thousands of object-based storage devices without taxing the metadata servers or any other part of the system. The prototype implementation we developed imposes only a 6–7% overhead on a metadata-heavy workload involving file opens spread across hundreds of clients. Building on this approach, we are investigating scalable encryption and limiting the effects of compromised computation nodes. We next plan to investigate the potential for including other strong security measures in Ceph.
We are investigating a system that integrates the seemingly incompatible features of encryption and deduplication. Combining the two can allow for efficient storage of data under arbitrary classification. However, difficult issues arise in combining these features, such as safe data destruction and privacy preservation in the face of network analysis.
In our work on indexing, we are investigating making search both faster and more secure. We use index partitioning schemes based on file system security metadata. By creating partitions where users can see either every file or no files at all, we can prevent statistical attacks made possible in indexing systems that ignore security restrictions. In addition, the number of indexes we need to search is proportional to the number of files the searcher can see, making search more efficient. The indexing and HECURA pages have more information on the application of security and partitioning to large-scale file systems.
We are also implementing a secure long-term archival storage system, POTSHARDS, that does not rely on encryption, instead using secret splitting and approximate pointers to keep data hidden. The archival storage project page has more details on POTSHARDS.
- Scott Banachowski
- Neerja Bhatnagar
- Randal Burns
- Avik Chaudhuri
- William E. Freeman
- Kevin Greenan
- Jeff Hagen
- Andrew Leung
- Christopher Olson
- Zachary Peterson
- Benjamin C. Reed
- Mark W. Storer