Data storage on personal computers is inherently insecure because authentication and file access control are handled by the host operating system. These security provisions can be bypassed if another operating system is used on the same personal computer. To address this problem, file encryptors, disk encryptors and file system encryptors were developed, each with its own drawbacks. By combining the strengths of file encryptors and file system encryptors, these drawbacks can be overcome. To achieve this, a user space file system library must be used. The file system must also have its own authentication and authorization routines to provide uniform access across multiple operating systems. This paper describes the design and development of such a file system for Linux using the FUSE library and the OpenSSL library. The design for this file system was mathematically modelled and formally verified using the Alloy Analyzer. The file system requires the user to provide a user name and password for authentication. Each file is encrypted using a separate key to provide security against cryptanalysis. This key is encrypted using the owner’s private key to allow for change of ownership. The password is used to decrypt the user’s private key. The developed file system was successfully tested for authentication and access control. The optimal performance of the file system was observed at file sizes between 1 kilobyte and 256 megabytes. The performance degradation due to encryption was also measured and found to be within usable limits. This stackable file system can be used on all Unix clones that have the FUSE and OpenSSL libraries.