Farsite: federated, available, and reliable storage for an incompletely trusted environment

Farsite is a secure, scalable file system that logically functions as a centralized file server but is physically distributed among a set of untrusted computers. Farsite provides file availability and reliability through randomized replicated storage; it ensures the secrecy of file contents with cryptographic techniques; it maintains the integrity of file and directory data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a distributed hint mechanism and delegation certificates for pathname translations; and it achieves good performance by locally caching file data, lazily propagating file updates, and varying the duration and granularity of content leases. We report on the design of Farsite and the lessons we have learned by implementing much of that design.
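As an added illustration of the secrecy and integrity properties the abstract describes (example code, not Farsite's own implementation): a client encrypts content before placing it on untrusted hosts, a directory group of 3f+1 replicas holds the content hash, and a reader accepts that hash only when f+1 replicas agree, then checks it against whatever a host serves. The SHA-256 keystream is a stand-in for a real cipher, and the host and reply structures are assumptions made for the example.

```python
import hashlib
from collections import Counter

F = 1               # tolerated Byzantine replicas in the directory group
N = 3 * F + 1       # directory-group size (4 replicas for f = 1)

def keystream(key: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256(key || counter) blocks. Illustrative only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call decrypts
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def content_hash(ciphertext: bytes) -> str:
    return hashlib.sha256(ciphertext).hexdigest()

def store(key: bytes, plaintext: bytes, hosts: list) -> dict:
    """Write path: encrypt, replicate ciphertext on untrusted hosts, and
    return the metadata the directory group must agree on (assumed layout)."""
    ct = encrypt(key, plaintext)
    for h in hosts:
        h["blob"] = ct
    return {"hash": content_hash(ct)}

def directory_lookup(replies: list) -> str:
    """Accept a value only when at least f+1 directory replicas returned it."""
    value, votes = Counter(replies).most_common(1)[0]
    if votes < F + 1:
        raise RuntimeError("no f+1 agreement among directory replicas")
    return value

def read_file(key: bytes, hosts: list, replies: list) -> bytes:
    """Read path: agreed hash first, then the first host whose blob matches it."""
    expected = directory_lookup(replies)
    for h in hosts:
        if content_hash(h["blob"]) == expected:
            return encrypt(key, h["blob"])
    raise RuntimeError("no host served content matching the agreed hash")

def demo() -> bytes:
    key = hashlib.sha256(b"constructed file key").digest()
    hosts = [{} for _ in range(3)]                   # constructed: 3 untrusted hosts
    meta = store(key, b"constructed file contents", hosts)
    hosts[0]["blob"] = b"tampered by host 0"         # one host alters its copy
    replies = [meta["hash"]] * (N - F) + ["bogus"] * F   # one Byzantine replica
    return read_file(key, hosts, replies)
```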
