Securing distributed storage: challenges, techniques, and systems

The rapid increase of sensitive data and the growing number of government regulations that require longterm data retention and protection have forced enterprises to pay serious attention to storage security. In this paper, we discuss important security issues related to storage and present a comprehensive survey of the security services provided by the existing storage systems. We cover a broad range of the storage security literature, present a critical review of the existing solutions, compare them, and highlight potential research issues.

[1]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[2]  David Goldberg,et al.  Secure Networking in the Sun Environment , 1986, USENIX Summer.

[3]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[4]  John H. Howard,et al.  On Overview of the Andrew File System , 1988, USENIX Winter.

[5]  Mahadev Satyanarayanan,et al.  Integrating security in a large distributed system , 1989, TOCS.

[6]  Mahadev Satyanarayanan,et al.  Scalable, secure, and highly available distributed file access , 1990, Computer.

[7]  Mahadev Satyanarayanan,et al.  A SURVEY OF DISTRIBUTED FILE SYSTEMS , 1990 .

[8]  John Linn,et al.  Generic Security Service Application Program Interface , 1993, RFC.

[9]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[10]  Matt Blaze,et al.  Key Management in an Encrypting File System , 1994, USENIX Summer.

[11]  Eugene H. Spafford,et al.  The design and implementation of tripwire: a file system integrity checker , 1994, CCS '94.

[12]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[13]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[14]  John Linn,et al.  The Kerberos Version 5 GSS-API Mechanism , 1996, RFC.

[15]  Alan O. Freier,et al.  The SSL Protocol Version 3.0 , 1996 .

[16]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[17]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[18]  Dorothy E. Denning,et al.  A taxonomy for key escrow encryption systems , 1996, CACM.

[19]  Howard Gobioff,et al.  Security for Network Attached Storage Devices , 1997 .

[20]  Lin Ling,et al.  RPCSEC_GSS Protocol Specification , 1997, RFC.

[21]  A. Meyer The Health Insurance Portability and Accountability Act. , 1997, Tennessee medicine : journal of the Tennessee Medical Association.

[22]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[23]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[24]  Thomas D. Wu The Secure Remote Password Protocol , 1998, NDSS.

[25]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[26]  Garth A. Gibson,et al.  Security for a high performance commodity storage subsystem , 1999 .

[27]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[28]  Kevin Fu,et al.  Group Sharing and Random Access in Cryptographic Storage File Systems , 1999 .

[29]  David Mazières,et al.  Self-certifying file system , 2000 .

[30]  David Robinson,et al.  NFS version 4 Protocol , 2000, RFC.

[31]  Garth A. Gibson,et al.  Scalable and manageable storage systems , 2000 .

[32]  Mike Eisler,et al.  LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM , 2000, RFC.

[33]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[34]  Niels Provos,et al.  Encrypting Virtual Memory , 2000, USENIX Security Symposium.

[35]  Randal C. Burns,et al.  Authenticating Network-Attached Storage , 2000, IEEE Micro.

[36]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[37]  James P. Hughes,et al.  Architecture of the Secure File System , 2001, 2001 Eighteenth IEEE Symposium on Mass Storage Systems and Technologies.

[38]  Morris J. Dworkin,et al.  SP 800-38A 2001 edition. Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[39]  Giuseppe Cattaneo,et al.  The Design and Implementation of a Transparent Cryptographic File System for UNIX , 2001, USENIX Annual Technical Conference, FREENIX Track.

[40]  E. Miller,et al.  Strong security for distributed file systems , 2001, Conference Proceedings of the 2001 IEEE International Performance, Computing, and Communications Conference (Cat. No.01CH37210).

[41]  Johannes Kaiser,et al.  Evaluating Security Tools towards Usable Security: A Usability Taxonomy for the Evaluation of Security Tools Based on a Categorization of User Errors , 2002, Usability.

[42]  David Mazières,et al.  Fast and secure distributed read-only file system , 2000, TOCS.

[43]  Benjamin Reed,et al.  Security considerations when designing a distributed file system using object storage devices , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[44]  Erik Riedel,et al.  A Framework for Evaluating Storage System Security , 2002, FAST.

[45]  Stefan Axelsson,et al.  Intrusion Detection Systems: A Survey and Taxonomy , 2002 .

[46]  Ben Y. Zhao,et al.  Distributed Object Location in a Dynamic Network , 2002, SPAA '02.

[47]  Darrell D. E. Long,et al.  Strong Security for Network-Attached Storage , 2002, FAST.

[48]  Donald Beaver Network security and storage security: symmetries and symmetry-breaking , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[49]  Ran Canetti,et al.  A two layered approach for securing an object store network , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[50]  Erez Zadok,et al.  Proceedings of the General Track: 2003 Usenix Annual Technical Conference Ncryptfs: a Secure and Convenient Cryptographic File System , 2022 .

[51]  Qian Wang,et al.  USENIX Association Proceedings of FAST ’ 03 : 2 nd USENIX Conference on File and Storage Technologies , 2003 .

[52]  Angelos D. Keromytis,et al.  Proceedings of the Freenix Track: 2003 Usenix Annual Technical Conference Secure and Flexible Global File Sharing , 2022 .

[53]  A. Forrey,et al.  The Health Insurance Portability and Accountability Act: practice of dentistry in the United States: privacy and confidentiality. , 2003, The journal of contemporary dental practice.

[54]  Yongdae Kim,et al.  Decentralized Authentication Mechanisms for Object-based Storage Devices , 2003, Second IEEE International Security in Storage Workshop.

[55]  John Ioannidis,et al.  The CryptoGraphic Disk Driver , 2003, USENIX Annual Technical Conference, FREENIX Track.

[56]  Ben Y. Zhao,et al.  Pond: The OceanStore Prototype , 2003, FAST.

[57]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[58]  Craig A. N. Soules,et al.  Self-securing storage: protecting data in compromised systems , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[59]  David Mazières,et al.  Decentralized user authentication in a global file system , 2003, SOSP '03.

[60]  Craig A. N. Soules,et al.  Storage-based Intrusion Detection: Watching Storage Activity for Suspicious Behavior , 2003, USENIX Security Symposium.

[61]  Ben Y. Zhao,et al.  Awarded Best Student Paper! - Pond: The OceanStore Prototype , 2003 .

[62]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[63]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[64]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.

[65]  Erez Zadok,et al.  Avfs: An On-Access Anti-Virus File System , 2004, USENIX Security Symposium.

[66]  D. Stephens The Sarbanes‐Oxley Act , 2005 .

[67]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[68]  James A. Hall,et al.  The Sarbanes-Oxley Act: Implications for large-scale IT outsourcing , 2007, Commun. ACM.