Fast and secure distributed read-only file system

Internet users increasingly rely on publicly available data for everything from software installation to investment decisions. Unfortunately, the vast majority of public content on the Internet comes with no integrity or authenticity guarantees. This paper presents the self-certifying read-only file system, a content distribution system providing secure, scalable access to public, read-only data. The read-only file system makes the security of published content independent from that of the distribution infrastructure. In a secure area (perhaps off-line), a publisher creates a digitally signed database out of a file system's contents. The publisher then replicates the database on untrusted content-distribution servers, allowing for high availability. The read-only file system avoids performing any cryptographic operations on servers and keeps the overhead of cryptography low on clients, allowing servers to scale to a large number of clients. Measurements of an implementation show that an individual server running on a 550-MHz Pentium III with FreeBSD can support 1,012 connections per second and 300 concurrent clients compiling a large software package.
