Secure Untrusted Data Repository (SUNDR)

SUNDR is a network file system designed to store data securely on untrusted servers. SUNDR lets clients detect any attempts at unauthorized file modification by malicious server operators or users. SUNDR's protocol achieves a property called fork consistency, which guarantees that clients can detect any integrity or consistency failures as long as they see each other's file modifications. An implementation is described that performs comparably with NFS (sometimes better and sometimes worse), while offering significantly stronger security.

[1]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[2]  Alley Stoughton,et al.  Detection of Mutual Inconsistency in Distributed Systems , 1983, IEEE Transactions on Software Engineering.

[3]  Dan Walsh,et al.  Design and implementation of the Sun network filesystem , 1985, USENIX Conference Proceedings.

[4]  Tatsuski Okamoto,et al.  A Fast Signature Scheme Based on Quadratic Inequalities , 1985, 1985 IEEE Symposium on Security and Privacy.

[5]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[6]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[7]  RosenblumMendel,et al.  The design and implementation of a log-structured file system , 1991 .

[8]  Mahadev Satyanarayanan,et al.  Disconnected operation in the Coda File System , 1992, TOCS.

[9]  Mendel Rosenblum,et al.  The design and implementation of a log-structured file system , 1991, SOSP '91.

[10]  Matt Blaze,et al.  A cryptographic file system for UNIX , 1993, CCS '93.

[11]  Sean W. Smith,et al.  Security and Privacy for Partial Order Time , 1994 .

[12]  Mahadev Satyanarayanan,et al.  Disconnected Operation in the Coda File System , 1999, Mobidata.

[13]  Michael K. Reiter,et al.  Securing Causal Relationships in Distributed Systems , 1995, Comput. J..

[14]  Tatu Ylonen,et al.  SSH: secure login connections over the internet , 1996 .

[15]  Dan Duchamp A toolkit approach to partially connected operation , 1997 .

[16]  Peter Reiher,et al.  Perspectives on optimistically replicated, peer‐to‐peer filing , 1998 .

[17]  Ashish Goel,et al.  Perspectives on optimistically replicated, peer‐to‐peer filing , 1998, Softw. Pract. Exp..

[18]  Assar Westerlund,et al.  Arla: a free AFS client , 1998 .

[19]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[20]  Kevin Fu,et al.  Group Sharing and Random Access in Cryptographic Storage File Systems , 1999 .

[21]  Radek Vingralek,et al.  How to build a trusted database system on untrusted storage , 2000, OSDI.

[22]  Marvin Theimer,et al.  Feasibility of a serverless distributed file system deployed on an existing set of desktop PCs , 2000, SIGMETRICS '00.

[23]  Margo I. Seltzer,et al.  Unifying File System Protection , 2001, USENIX Annual Technical Conference, General Track.

[24]  Peter Druschel,et al.  Pastry: Scalable, distributed object location and routing for large-scale peer-to- , 2001 .

[25]  MaziéresDavid,et al.  A low-bandwidth network file system , 2001 .

[26]  David R. Karger,et al.  Wide-area cooperative storage with CFS , 2001, SOSP.

[27]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[28]  Robert Morris,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM 2001.

[29]  E. Miller,et al.  Strong security for distributed file systems , 2001, Conference Proceedings of the 2001 IEEE International Performance, Computing, and Communications Conference (Cat. No.01CH37210).

[30]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[31]  David Mazières,et al.  Fast and secure distributed read-only file system , 2000, TOCS.

[32]  Mary Baker,et al.  Secure History Preservation Through Timeline Entanglement , 2002, USENIX Security Symposium.

[33]  Dennis Shasha,et al.  Building secure file systems out of byzantine storage , 2002, PODC '02.

[34]  Louis Granboulan How to Repair ESIGN , 2002, SCN.

[35]  Sean Matthew Dorward,et al.  Awarded Best Paper! - Venti: A New Approach to Archival Data Storage , 2002 .

[36]  Sean Quinlan,et al.  Venti: A New Approach to Archival Storage , 2002, FAST.

[37]  Miguel Castro,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OPSR.

[38]  Robert Tappan Morris,et al.  Ivy: a read/write peer-to-peer file system , 2002, OSDI '02.

[39]  Erez Zadok,et al.  Proceedings of the General Track: 2003 Usenix Annual Technical Conference Ncryptfs: a Secure and Convenient Cryptographic File System , 2022 .

[40]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[41]  Jacques Stern,et al.  Almost Uniform Density of Power Residues and the Provable Security of ESIGN , 2003, ASIACRYPT.

[42]  Ben Y. Zhao,et al.  Pond: The OceanStore Prototype , 2003, FAST.

[43]  Craig A. N. Soules,et al.  Self-securing storage: protecting data in compromised systems , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[44]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.