A cryptographic file system for UNIX

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A cryptographic file system for UNIX

Full text

Pdf (956 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 1st ACM conference on Computer and communications security table of contents

Fairfax, Virginia, United States

Pages: 9 - 16

Year of Publication: 1993

ISBN:0-89791-629-8

Author

Matt Blaze

AT&T Bell Laboratories, 101 Crawfords Corner Road, Room 4G-634, Holmdel, NJ

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 114, Citation Count: 69

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/168588.168590 What is a DOI?

ABSTRACT

Although cryptographic techniques are playing an increasingly important role in modern computing system security, user-level tools for encrypting file data are cumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) pushes encryption services into the file system itself. CFS supports secure storage at the system level through a standard Unix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key.This paper describes the design and implementation of CFS under Unix. Encryption techniques for file system-level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	John H. Howard , Michael L. Kazar , Sherri G. Menees , David A. Nichols , M. Satyanarayanan , Robert N. Sidebotham , Michael J. West, Scale and performance in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.51-81, Feb. 1988 [doi>10.1145/35037.35059]
	2	Kleiman, S.R., "Vnodes: An Architecture for Multiple File System Types in Sun UNIX." Proc. USENIX, Summer, 1986.
	3	Lacy, J., Mitchell, D., and Schell, W., "CryptoLib: A C Library of Routines for Cryptosystems." Proc. Fourth USENIX Security Workshop, October, 1993.
	4	Xuejia Lai , James L. Massey, A proposal for a new block encryption standard, Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology, p.389-404, February 1991, Aarhus, Denmark
	5	National Bureau of Standards, "Data Encryption Standard." FIPS Publication #46, NTIS, Apr. 1977.
	6	National Bureau of Standards, "Data Encryption Standard Modes of Operation." FIPS Publication #81, NTIS, Dec. 1980.
	7	Reiher, P. et. al., "Security Issues in the Truffles File System." Proc. PSRG Workshop on Network and Distributed System Security, 1993.
	8	Sandberg, R., Goldberg, D., Kleiman, S., Walsh, D., & Lyon, B. "Design and Implementation of the Sun Network File System." Proc. USENIX, Summer, 1985.

CITED BY 69

	David Mazières , Dennis Shasha, Building secure file systems out of byzantine storage, Proceedings of the twenty-first annual symposium on Principles of distributed computing, July 21-24, 2002, Monterey, California
	Erik Riedel , Mahesh Kallahalla , Ram Swaminathan, A Framework for Evaluating Storage System Security, Proceedings of the 1st USENIX Conference on File and Storage Technologies, January 28-30, 2002, Monterey, CA
	John Kubiatowicz , David Bindel , Yan Chen , Steven Czerwinski , Patrick Eaton , Dennis Geels , Ramakrishan Gummadi , Sean Rhea , Hakim Weatherspoon , Westley Weimer , Chris Wells , Ben Zhao, OceanStore: an architecture for global-scale persistent storage, ACM SIGPLAN Notices, v.35 n.11, p.190-201, Nov. 2000
	Jean Mayo , Phil Kearns, A secure unrestricted advanced systems laboratory, ACM SIGCSE Bulletin, v.31 n.1, p.165-169, March 1999
	Hyochang Nam , Jong Kim , Sung Je Hong , Sunggu Lee, Secure checkpointing, Journal of Systems Architecture: the EUROMICRO Journal, v.48 n.8-10, p.237-254, March 2003
	Stefan Ludwig , Winfried Kalfa, File system encryption with integrated user management, ACM SIGOPS Operating Systems Review, v.35 n.4, p.88-93, October 2001
	John Kubiatowicz , David Bindel , Yan Chen , Steven Czerwinski , Patrick Eaton , Dennis Geels , Ramakrishna Gummadi , Sean Rhea , Hakim Weatherspoon , Chris Wells , Ben Zhao, OceanStore: an architecture for global-scale persistent storage, ACM SIGARCH Computer Architecture News, v.28 n.5, p.190-201, Dec. 2000
	Dalit Naor , Amir Shenhav , Avishai Wool, Toward securing untrusted storage without public-key operations, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	Vishal Kher , Yongdae Kim, Securing distributed storage: challenges, techniques, and systems, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	Atul Adya , William J. Bolosky , Miguel Castro , Gerald Cermak , Ronnie Chaiken , John R. Douceur , Jon Howell , Jacob R. Lorch , Marvin Theimer , Roger P. Wattenhofer, Farsite: federated, available, and reliable storage for an incompletely trusted environment, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
	Benjamin C. Reed , Edward G. Chron , Randal C. Burns , Darrell D. E. Long, Authenticating Network-Attached Storage, IEEE Micro, v.20 n.1, p.49-57, January 2000
	Srivaths Ravi , Anand Raghunathan , Paul Kocher , Sunil Hattangady, Security in embedded systems: Design challenges, ACM Transactions on Embedded Computing Systems (TECS), v.3 n.3, p.461-491, August 2004
	André Zúquete , Paulo Guedes, Transparent Authentication and Confidentiality for Stream Sockets, IEEE Micro, v.16 n.3, p.34-41, June 1996
	Simson L. Garfinkel , Abhi Shelat, Remembrance of Data Passed: A Study of Disk Sanitization Practices, IEEE Security and Privacy, v.1 n.1, p.17-27, January 2003
	Mahesh Kallahalla , Erik Riedel , Ram Swaminathan , Qian Wang , Kevin Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
	Gopalan Sivathanu , Charles P. Wright , Erez Zadok, Ensuring data integrity in storage: techniques and applications, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	Mark D. Corner , Brian D. Noble, Zero-interaction authentication, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA
	Anthony Harrington , Christian Jensen, Cryptographic access control in a distributed file system, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Atul Adya , William J. Bolosky , Miguel Castro , Gerald Cermak , Ronnie Chaiken , John R. Douceur , Jon Howell , Jacob R. Lorch , Marvin Theimer , Roger P. Wattenhofer, Farsite: federated, available, and reliable storage for an incompletely trusted environment, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts
	Christian D. Jensen, CryptoCache: a secure sharable file cache for roaming users, Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, September 17-20, 2000, Kolding, Denmark
	Christian Payne, A cryptographic access control architecture secure against privileged attackers, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
	Shiva Chaitanya , Kevin Butler , Anand Sivasubramaniam , Patrick McDaniel , Murali Vilayannur, Design, implementation and evaluation of security in iSCSI-based network storage systems, Proceedings of the second ACM workshop on Storage security and survivability, October 30-30, 2006, Alexandria, Virginia, USA
	Celia Li , Cungang Yang , Richard Cheung, Key management for role hierarchy in distributed systems, Journal of Network and Computer Applications, v.30 n.3, p.920-936, August, 2007
	Mark D. Corner , Brian D. Noble, Protecting file systems with transient authentication, Wireless Networks, v.11 n.1-2, p.7-19, January 2005
	Kevin Borders , Xin Zhao , Atul Prakash, Securing sensitive content in a view-only file system, Proceedings of the ACM workshop on Digital rights management, October 30-30, 2006, Alexandria, Virginia, USA
	Giuseppe Ateniese , Kevin Fu , Matthew Green , Susan Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.1-30, February 2006
	Erez Zadok , Rakesh Iyer , Nikolai Joukov , Gopalan Sivathanu , Charles P. Wright, On incremental file system development, ACM Transactions on Storage (TOS), v.2 n.2, p.161-196, May 2006
	Ashish Gehani , Surendar Chandra , Gershon Kedem, Augmenting storage with an intrusion response primitive to ensure the security of critical data, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Brian D. Noble , Mark D. Corner, The case for transient authentication, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Mais Nijim , Xiao Qin , Tao Xie, Modeling and improving security of a local disk system for write-intensive workloads, ACM Transactions on Storage (TOS), v.2 n.4, p.400-423, November 2006
	Niels Provos, Encrypting virtual memory, Proceedings of the 9th conference on USENIX Security Symposium, p.3-3, August 14-17, 2000, Denver, Colorado
	Naomaru Itoi, SC-CFS: smartcard secured cryptographic file system, Proceedings of the 10th conference on USENIX Security Symposium, p.20-20, August 13-17, 2001, Washington, D.C.
	Jinyuan Li , Maxwell Krohn , David Mazières , Dennis Shasha, Secure untrusted data repository (SUNDR), Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.9-9, December 06-08, 2004, San Francisco, CA
	Bogdan C. Popescu , Bruno Crispo , Andrew S. Tanenbaum, Secure data replication over untrusted hosts, Proceedings of the 9th conference on Hot Topics in Operating Systems, p.21-21, May 18-21, 2003, Lihue, Hawaii
	Jim Chow , Ben Pfaff , Tal Garfinkel , Kevin Christopher , Mendel Rosenblum, Understanding data lifetime via whole system simulation, Proceedings of the 13th conference on USENIX Security Symposium, p.22-22, August 09-13, 2004, San Diego, CA
	Jim Chow , Ben Pfaff , Tal Garfinkel , Mendel Rosenblum, Shredding your garbage: reducing data lifetime through secure deallocation, Proceedings of the 14th conference on USENIX Security Symposium, p.22-22, July 31-August 05, 2005, Baltimore, MD
	David Mazières, A Toolkit for User-Level File Systems, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.261-274, June 25-30, 2001
	Zachary N. J. Peterson , Randal Burns , Joe Herring , Adam Stubblefield , Aviel D. Rubin, Secure deletion for a versioning file system, Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies, p.11-11, December 13-16, 2005, San Francisco, CA
	Charles P. Wright , Nikolai Joukov , Devaki Kulkarni , Yevgeniy Miretskiy , Erez Zadok, Auto-pilot: a platform for system software benchmarking, Proceedings of the USENIX Annual Technical Conference 2005 on USENIX Annual Technical Conference, p.53-53, April 10-15, 2005, Anaheim, CA
	Tae-Kyou Park , Ilkyeun Ra, SPECS: smart partial enciphering service for accessing encrypted files with efficient and transparent, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Giuseppe Cattaneo , Luigi Catuogno , Aniello Del Sorbo , Pino Persiano, The Design and Implementation of a Transparent Cryptographic File System for UNIX, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.199-212, June 25-30, 2001
	Matt Blaze, Key management in an encrypting file system, Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer 1994 Technical Conference, p.3-3, June 06-10, 1994, Boston, Massachusetts
	Erez Zadok , Ion Badulescu , Alex Shender, Extending file systems using stackable templates, Proceedings of the Annual Technical Conference on 1999 USENIX Annual Technical Conference, p.5-5, June 06-11, 1999, Monterey, California
	Theo de Raadt , Niklas Hallqvist , Artur Grabowski , Angelos D. Keromytis , Niels Provos, Cryptography in OpenBSD: an overview, Proceedings of the Annual Technical Conference on 1999 USENIX Annual Technical Conference, p.33-33, June 06-11, 1999, Monterey, California
	Naomaru Itoi, SC-CFS: smartcard secured cryptographic file system, Proceedings of the 10th conference on USENIX Security Symposium, p.20-20, August 13-17, 2001, Washington, D.C.
	Jaeheung Lee , Junyoung Heo , Yookun Cho , Jiman Hong , Sung Y. Shin, Secure deletion for NAND flash file system, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
	Ming Zhao , Renato J. Figueiredo, A user-level secure grid file system, Proceedings of the 2007 ACM/IEEE conference on Supercomputing, November 10-16, 2007, Reno, Nevada
	Richard P. Spillane , Charles P. Wright , Gopalan Sivathanu , Erez Zadok, Rapid file system development using ptrace, Experimental computer science on Experimental computer science, p.23-23, June 13-14, 2007, San Diego
	Radek Vingralek, GnatDb: a small-footprint, secure database system, Proceedings of the 28th international conference on Very Large Data Bases, p.884-893, August 20-23, 2002, Hong Kong, China
	Neerja Bhatnagar , Ethan L. Miller, Designing a secure reliable file system for sensor networks, Proceedings of the 2007 ACM workshop on Storage security and survivability, October 29-29, 2007, Alexandria, Virginia, USA
	Terry Benzel , Robert Braden , Dongho Kim , Clifford Neuman , Anthony Joseph , Keith Sklower , Ron Ostrenga , Stephen Schwab, Design, deployment, and use of the DETER testbed, Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007, p.1-1, August 06-07, 2007, Boston, MA
	Ethan Miller , Darrell Long , William Freeman , Benjamin Reed, Strong Security for Network-Attached Storage, Proceedings of the 1st USENIX Conference on File and Storage Technologies, January 28-30, 2002, Monterey, CA
	Richard P. Spillane , Charles P. Wright , Gopalan Sivathanu , Erez Zadok, Rapid file system development using ptrace, Proceedings of the 2007 workshop on Experimental computer science, p.22-es, June 13-14, 2007, San Diego, California
	Paul Dourish , E. Grinter , Jessica Delgado de la Flor , Melissa Joseph, Security in the wild: user strategies for managing security as an everyday, practical problem, Personal and Ubiquitous Computing, v.8 n.6, p.391-401, November 2004
	Alexei Czeskis , David J. St. Hilaire , Karl Koscher , Steven D. Gribble , Tadayoshi Kohno , Bruce Schneier, Defeating encrypted and deniable file systems: TrueCrypt v5.1a and the case of the tattling OS and applications, Proceedings of the 3rd conference on Hot topics in security, p.1-7, July 29, 2008, San Jose, CA
	Ravi Chandra Jammalamadaka, Middleware support for protecting personal data from web based data services, Proceedings of the 4th on Middleware doctoral symposium, p.1-6, November 26-30, 2007, Newport Beach, California
	Gopalan Sivathanu , Swaminathan Sundararaman , Erez Zadok, Type-safe disks, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
	Ravi Chandra Jammalamadaka , Roberto Gamboni , Sharad Mehrotra , Kent E. Seamons , Nalini Venkatasubramanian, iDataGuard: middleware providing a secure network drive interface to untrusted internet data storage, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Kevin R. B. Butler , Stephen E. McLaughlin , Patrick D. McDaniel, Non-volatile memory and disks:: avenues for policy architectures, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
	Sergej Zerr , Elena Demidova , Daniel Olmedilla , Wolfgang Nejdl , Marianne Winslett , Soumyadeb Mitra, Zerber: r-confidential indexing for distributed documents, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Avishay Traeger , Kumar Thangavelu , Erez Zadok, Round-trip privacy with nfsv4, Proceedings of the 2007 ACM workshop on Storage security and survivability, October 29-29, 2007, Alexandria, Virginia, USA
	Wei Li , Jianmin Liang , Zhiwei Xu, VegaFS: file sharing crossing multiple domains, International Journal of High Performance Computing and Networking, v.2 n.2-4, p.178-185, February 2004
	Sergej Zerr , Wolfgang Nejdl, Privacy preserving document indexing infrastructure for a distributed environment, Proceedings of the VLDB Endowment, v.1 n.2, August 2008
	Ravi Chandra Jammalamadaka , Roberto Gamboni , Sharad Mehrotra , Kent Seamons , Nalini Venkatasubramanian, iDataGuard: an interoperable security middleware for untrusted internet data storage, Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference Companion, December 01-05, 2008, Leuven, Belgium
	Anthony J. Nicholson , Mark D. Corner , Brian D. Noble, Mobile Device Security Using Transient Authentication, IEEE Transactions on Mobile Computing, v.5 n.11, p.1489-1502, November 2006
	Kevin R.B. Butler , Stephen McLaughlin , Patrick D. McDaniel, Rootkit-resistant disks, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Aameek Singh , Ling Liu , Mustaque Ahamad, Privacy analysis and enhancements for data sharing in *nix systems, International Journal of Information and Computer Security, v.2 n.4, p.376-410, January 2009
	Ramya Prabhakar , Christina Patrick , Mahmut Kandemir, MPISec I/O: Providing Data Confidentiality in MPI-I/O, Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, p.388-395, May 18-21, 2009
	Marc Parisi, Customized file systems: an investigator's approach, Proceedings of the 46th Annual Southeast Regional Conference on XX, March 28-29, 2008, Auburn, Alabama