Separating key management from file system security

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Separating key management from file system security

Full text

Pdf (1.77 MB)

Source

ACM Symposium on Operating Systems Principles archive
Proceedings of the seventeenth ACM symposium on Operating systems principles table of contents

Charleston, South Carolina, United States

Pages: 124 - 139

Year of Publication: 1999

ISBN:1-58113-140-2

Also published in ...

Authors

David Mazières	MIT Laboratory for Computer Science
Michael Kaminsky	MIT Laboratory for Computer Science
M. Frans Kaashoek	MIT Laboratory for Computer Science
Emmett Witchel	MIT Laboratory for Computer Science

Sponsor

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 31, Downloads (12 Months): 116, Citation Count: 72

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/319151.319160 What is a DOI?

ABSTRACT

No secure network file system has ever grown to span the Internet. Existing systems all lack adequate key management for security at a global scale. Given the diversity of the Internet, any particular mechanism a file system employs to manage keys will fail to support many types of use.We propose separating key management from file system security, letting the world share a single global file system no matter how individuals manage keys. We present SFS, a secure file system that avoids internal key management. While other file systems need key management to map file names to encryption keys, SFS file names effectively contain public keys, making them self-certifying pathnames. Key management in SFS occurs outside of the file system, in whatever procedure users choose to generate file names.Self-certifying pathnames free SFS clients from any notion of administrative realm, making inter-realm file sharing trivial. They let users authenticate servers through a number of different techniques. The file namespace doubles as a key certification namespace, so that people can realize many key management schemes using only standard file utilities. Finally, with self-certifying pathnames, people can bootstrap one key management mechanism using another. These properties make SFS more versatile than any file system with built-in key management.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Mihir Bellare , Phillip Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.62-73, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168596]
	2	Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption--how to encrypt with RSA. In A. De Santis, editor, Advances in Cryptology---Eurocrypt 1994, volume 950 of Lecture Notes in Computer Science, pages 92-111. Springer- Verlag, 1995.
	3	Mihir Bellare and Phillip Rogaway. The exact security of digital signatures--how to sign with RSA and Rabin. In U. Maurer, editor, Advances in Cryptolog3~---Eurocrypt 1996, volume 1070 of Lecture Notes in Computer Science, pages 399-416. Springer-Verlag, 1996.
	4	Andrew D. Birrell, Andy Hisgen, Chuck Jerian, Timothy Mann, and Garret Swart. The Echo distributed file system. Technical Report 111, Digital Systems Research Center, Palo Alto, CA, September 1993.
	5	Andrew D. Birrell, Butler W. Lampson, Roger M. Needham, and Michael D. Schroeder. A global authentication service without global trust. In Proceedings of the 1986 IEEE Symposium on Security and Privacy, pages 223-230, Oakland, CA, 1986.
	6	B. Callaghan, B. Pawlowski, and P. Staubach. NFS version 3 protocol specification. RFC 1831, Network Working Group, June 1995.
	7	Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Y16nen. SPKI certificate documentation. Work in progress, from http:// www. clark, net/pub/cme/html/spki, html.
	8	FIPS 180-1. Secure Hash Standard. U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, VA, April 1995.
	9	FIPS 186. Digital Signature Standard. U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, VA, 1994.
	10	Alan O. Freier, Philip Karlton, and Paul C. Kocher. The SSL protocol version 3.0. Internet draft (draft-freier-ssl-version3- 02.txt), Network Working Group, November 1996. Work in progress.
	11	John S. Heidemann , Gerald J. Popek, File-system development with stackable layers, ACM Transactions on Computer Systems (TOCS), v.12 n.1, p.58-89, Feb. 1994 [doi>10.1145/174613.174616]
	12	John H. Howard , Michael L. Kazar , Sherri G. Menees , David A. Nichols , M. Satyanarayanan , Robert N. Sidebotham , Michael J. West, Scale and performance in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.51-81, Feb. 1988 [doi>10.1145/35037.35059]
	13	Kalle Kaukonen and Rodney Thayer. A stream cipher encryption algorithm "arcfour". Internet draft (draft-kaukonencipher-arcfour-03), Network Working Group, July 1999. Work in progress.
	14	Michael L. Kazar, Bruce W. Leverett, Owen T. Anderson, Vasilis Apostolides, Beth A. Bottos, Sailesh Chutani, Craig F. Everhart, W. Anthony Mason, Shu-Tsui Tu, and Edward R. Zayas. DEcorum file system architectural overview. In Proceedings of the Summer 1990 USENIX, pages 151-163, Anaheim, CA, 1990. USENIX.
	15	S. Kent and R. Atkinson. Security architecture for the internet protocol. RFC 2401, Network Working Group, November 1998.
	16	Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM Transactions on Computer Systems (TOCS), v.10 n.4, p.265-310, Nov. 1992 [doi>10.1145/138873.138874]
	17	Timothy Mann , Andrew Birrell , Andy Hisgen , Charles Jerian , Garret Swart, A coherent distributed file cache with directory write-behind, ACM Transactions on Computer Systems (TOCS), v.12 n.2, p.123-164, May 1994 [doi>10.1145/176575.176577]
	18	John K. Ousterhout. Why aren't operating systems getting faster as fast as hardware? In Summer USENIX '90, pages 247-256, Anaheim, CA, June 1990.
	19	Niels Provos and David Mazibres. A future-adaptable password scheme. In Proceedings of the 1999 USENIX, Freenix track (the on-line version), Monterey, CA, June 1999. USENIX. from http://www, usenix, org/events/ usenix99/provos, html.
	20	Peter Reiher, Jr. Thomas Page, Gerald J. Popek, Jeff Cook, and Stephen Crocker. Truffles a secure service for widespread file sharing. In Proceedings of the PSRG Workshop on Network and Distributed System Security, pages 101- 119, San Diego, CA, 1993.
	21	Ronald L. Rivest and Butler Lampson. SDSI--a simple distributed security infrastructure. Working document from http://theory, lcs .mit. edu/~cis/sdsi, html.
	22	Mendel Rosenblum , John K. Ousterhout, The design and implementation of a log-structured file system, Proceedings of the thirteenth ACM symposium on Operating systems principles, p.1-15, October 13-16, 1991, Pacific Grove, California, United States
	23	Russel Sandberg, David Goldberg, Steve Kleiman, Dan Walsh, and Bob Lyon. Design and implementation of the Sun network filesystem. In Proceedings of the Summer 1985 USENIX, pages 119-130, Portland, OR, 1985. USENIX.
	24	M. Satyanarayanan, Integrating security in a large distributed system, ACM Transactions on Computer Systems (TOCS), v.7 n.3, p.247-280, Aug. 1989 [doi>10.1145/65000.65002]
	25	Mahadev Satyanarayanan, Scalable, Secure, and Highly Available Distributed File Access, Computer, v.23 n.5, p.9-18, 20-21, May 1990 [doi>10.1109/2.53351]
	26	Bruce Schneier, Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish), Fast Software Encryption, Cambridge Security Workshop, p.191-204, December 09-11, 1993
	27	R. Srinivasan. RPC: Remote procedure call protocol specification version 2. RFC 1831, Network Working Group, August 1995.
	28	R. Srinivasan. XDR: External data representation standard. RFC 1832, Network Working Group, August 1995.
	29	J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the Winter 1988 USENIX, pages 191-202, Dallas, TX, February 1988. USENIX.
	30	Mohammad Amin Vahdat , Thomas E. Anderson , John D. Kubiatowicz, Operating system services for wide-area applications, 1998
	31	Hugh C. Williams. A modification of the RSA public-key encryption procedure. IEEE Transactions on Information Theory, IT-26(6):726-729, November 1980.
	32	Edward Wobber , Martín Abadi , Michael Burrows , Butler Lampson, Authentication in the Taos operating system, ACM Transactions on Computer Systems (TOCS), v.12 n.1, p.3-32, Feb. 1994 [doi>10.1145/174613.174614]
	33	Thomas Wu. The secure remote password protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97-111, San Diego, CA, March 1998.
	34	Tatu Y1Onen. SSH- secure login connections over the Internet. In Proceedings of the 6th USENIX Security Symposium, pages 37-42, San Jose, CA, July 1996.

CITED BY 72

	Kevin Fu , M. Frans Kaashoek , David Mazières, Fast and secure distributed read-only file system, ACM Transactions on Computer Systems (TOCS), v.20 n.1, p.1-24, February 2002
	Athicha Muthitacharoen , Benjie Chen , David Mazières, A low-bandwidth network file system, ACM SIGOPS Operating Systems Review, v.35 n.5, Dec. 2001
	Frank Dabek , M. Frans Kaashoek , David Karger , Robert Morris , Ion Stoica, Wide-area cooperative storage with CFS, ACM SIGOPS Operating Systems Review, v.35 n.5, Dec. 2001
	Erik Riedel , Mahesh Kallahalla , Ram Swaminathan, A Framework for Evaluating Storage System Security, Proceedings of the 1st USENIX Conference on File and Storage Technologies, January 28-30, 2002, Monterey, CA
	David Wetherall, Active network vision and reality: lessions from a capsule-based system, ACM SIGOPS Operating Systems Review, v.33 n.5, p.64-79, Dec. 1999
	Robert Grimm , Tom Anderson , Brian Bershad , David Wetherall, A system architecture for pervasive computing, Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, September 17-20, 2000, Kolding, Denmark
	Brian D. Noble , Ben Fleis , Landon P. Cox, Deferring trust in fluid replication, Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, September 17-20, 2000, Kolding, Denmark
	Anthony Harrington , Christian Jensen, Cryptographic access control in a distributed file system, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Michael J. Freedman , Robert Morris, Tarzan: a peer-to-peer anonymizing network layer, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
	John Kubiatowicz , David Bindel , Yan Chen , Steven Czerwinski , Patrick Eaton , Dennis Geels , Ramakrishna Gummadi , Sean Rhea , Hakim Weatherspoon , Chris Wells , Ben Zhao, OceanStore: an architecture for global-scale persistent storage, ACM SIGARCH Computer Architecture News, v.28 n.5, p.190-201, Dec. 2000
	Athicha Muthitacharoen , Robert Morris , Thomer M. Gil , Benjie Chen, Ivy: a read/write peer-to-peer file system, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
	Brian S. White , Michael Walker , Marty Humphrey , Andrew S. Grimshaw, LegionFS: a secure and scalable file system supporting cross-domain high-performance applications, Proceedings of the 2001 ACM/IEEE conference on Supercomputing (CDROM), p.59-59, November 10-16, 2001, Denver, Colorado
	Miguel Castro , Barbara Liskov, Practical byzantine fault tolerance and proactive recovery, ACM Transactions on Computer Systems (TOCS), v.20 n.4, p.398-461, November 2002
	David Mazières , Dennis Shasha, Building secure file systems out of byzantine storage, Proceedings of the twenty-first annual symposium on Principles of distributed computing, July 21-24, 2002, Monterey, California
	Dalit Naor , Amir Shenhav , Avishai Wool, Toward securing untrusted storage without public-key operations, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	Brian White , Jay Lepreau , Leigh Stoller , Robert Ricci , Shashi Guruprasad , Mac Newbold , Mike Hibler , Chad Barb , Abhijeet Joglekar, An integrated experimental environment for distributed systems and networks, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
	Atul Adya , William J. Bolosky , Miguel Castro , Gerald Cermak , Ronnie Chaiken , John R. Douceur , Jon Howell , Jacob R. Lorch , Marvin Theimer , Roger P. Wattenhofer, Farsite: federated, available, and reliable storage for an incompletely trusted environment, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
	Yun Fu , Jeffrey Chase , Brent Chun , Stephen Schwab , Amin Vahdat, SHARP: an architecture for secure resource peering, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Michael Kaminsky , George Savvides , David Mazieres , M. Frans Kaashoek, Decentralized user authentication in a global file system, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Jian Yin , Jean-Philippe Martin , Arun Venkataramani , Lorenzo Alvisi , Mike Dahlin, Separating agreement from execution for byzantine fault tolerant services, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Bryan Ford, Unmanaged Internet Protocol: taming the edge network management crisis, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004
	David G. Andersen , Hari Balakrishnan , M. Frans Kaashoek , Robert Morris, Experience with an evolving overlay network testbed, ACM SIGCOMM Computer Communication Review, v.33 n.3, July 2003
	Hari Balakrishnan , Karthik Lakshminarayanan , Sylvia Ratnasamy , Scott Shenker , Ion Stoica , Michael Walfish, A layered naming architecture for the internet, ACM SIGCOMM Computer Communication Review, v.34 n.4, October 2004
	Enrique Soriano Salvador, SHAD: a human centered security architecture for partitionable, dynamic and heterogeneous distributed systems, Proceedings of the 1st international doctoral symposium on Middleware, p.294-298, October 19-19, 2004, Toronto, Ontario, Canada
	Constantine Sapuntzakis , David Brumley , Ramesh Chandra , Nickolai Zeldovich , Jim Chow , Monica S. Lam , Mendel Rosenblum, Virtual Appliances for Deploying and Maintaining Software, Proceedings of the 17th USENIX conference on System administration, October 26-31, 2003, San Diego, CA
	Athicha Muthitacharoen , Robert Morris , Thomer M. Gil , Benjie Chen, Ivy: a read/write peer-to-peer file system, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts
	Brian White , Jay Lepreau , Leigh Stoller , Robert Ricci , Shashi Guruprasad , Mac Newbold , Mike Hibler , Chad Barb , Abhijeet Joglekar, An integrated experimental environment for distributed systems and networks, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts
	Mahesh Kallahalla , Erik Riedel , Ram Swaminathan , Qian Wang , Kevin Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
	Christopher Olson , Ethan L. Miller, Secure capabilities for a petabyte-scale object-based distributed file system, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	Edmund B. Nightingale , Peter M. Chen , Jason Flinn, Speculative execution in a distributed file system, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
	Atul Adya , William J. Bolosky , Miguel Castro , Gerald Cermak , Ronnie Chaiken , John R. Douceur , Jon Howell , Jacob R. Lorch , Marvin Theimer , Roger P. Wattenhofer, Farsite: federated, available, and reliable storage for an incompletely trusted environment, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts
	Avishay Traeger , Erez Zadok , Nikolai Joukov , Charles P. Wright, A nine year study of file system and storage benchmarking, ACM Transactions on Storage (TOS), v.4 n.2, p.1-56, May 2008
	Rachid Anane , Sukhvir Dhillon , Behzad Bordbar, Stateless data concealment for distributed systems, Journal of Computer and System Sciences, v.74 n.2, p.243-254, March, 2008
	Alina Oprea , Michael K. Reiter, Integrity checking in cryptographic file systems with constant trusted storage, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
	Edmund B. Nightingale , Peter M. Chen , Jason Flinn, Speculative execution in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.24 n.4, p.361-392, November 2006
	Mark D. Corner , Brian D. Noble, Protecting file systems with transient authentication, Wireless Networks, v.11 n.1-2, p.7-19, January 2005
	Frank Dabek , Nickolai Zeldovich , Frans Kaashoek , David Mazières , Robert Morris, Event-driven programming for robust software, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Ashish Gehani , Surendar Chandra , Gershon Kedem, Augmenting storage with an intrusion response primitive to ensure the security of critical data, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Kyriacos Pavlou , Richard T. Snodgrass, Forensic analysis of database tampering, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, June 27-29, 2006, Chicago, IL, USA
	Bogdan C. Popescu , Bruno Crispo , Andrew S. Tanenbaum , Arno Bakker, Design and implementation of a secure wide-area object middleware, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.10, p.2484-2513, July, 2007
	Mais Nijim , Xiao Qin , Tao Xie, Modeling and improving security of a local disk system for write-intensive workloads, ACM Transactions on Storage (TOS), v.2 n.4, p.400-423, November 2006
	Kevin Fu , M. Frans Kaashoek , David Mazières, Fast and secure distributed read-only file system, Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, p.13-13, October 22-25, 2000, San Diego, California
	Jude T. Regan , Christian D. Jensen, Capability file names: separating authorisation from user management in an internet file system, Proceedings of the 10th conference on USENIX Security Symposium, p.17-17, August 13-17, 2001, Washington, D.C.
	Michael Walfish , Hari Balakrishnan , Scott Shenker, Untangling the web from DNS, Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation, p.17-17, March 29-31, 2004, San Francisco, California
	Miguel Castro , Barbara Liskov, Proactive recovery in a Byzantine-fault-tolerant system, Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, p.19-19, October 22-25, 2000, San Diego, California
	Michael Walfish , Jeremy Stribling , Maxwell Krohn , Hari Balakrishnan , Robert Morris , Scott Shenker, Middleboxes no longer considered harmful, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.15-15, December 06-08, 2004, San Francisco, CA
	David Mazières, A Toolkit for User-Level File Systems, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.261-274, June 25-30, 2001
	Michael Kaminsky , Eric Peterson , Daniel B. Giffin , Kevin Fu , David Mazières , M. Frans Kaashoek, REX: secure, extensible remote execution, Proceedings of the USENIX Annual Technical Conference 2004 on USENIX Annual Technical Conference, p.16-16, June 27-July 02, 2004, Boston, MA
	Russ Cox , Eric Grosse , Rob Pike , David L. Presotto , Sean Quinlan, Security in Plan 9, Proceedings of the 11th USENIX Security Symposium, p.3-16, August 05-09, 2002
	Giuseppe Cattaneo , Luigi Catuogno , Aniello Del Sorbo , Pino Persiano, The Design and Implementation of a Transparent Cryptographic File System for UNIX, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.199-212, June 25-30, 2001
	Bryan Ford , Jacob Strauss , Chris Lesniewski-Laas , Sean Rhea , Frans Kaashoek , Robert Morris, Persistent personal names for globally connected mobile devices, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
	Jude T. Regan , Christian D. Jensen, Capability file names: separating authorisation from user management in an internet file system, Proceedings of the 10th conference on USENIX Security Symposium, p.17-17, August 13-17, 2001, Washington, D.C.
	Ming Zhao , Renato J. Figueiredo, A user-level secure grid file system, Proceedings of the 2007 ACM/IEEE conference on Supercomputing, November 10-16, 2007, Reno, Nevada
	Ming Zhao , Jian Zhang , Renato J. Figueiredo, Distributed File System Virtualization Techniques Supporting On-Demand Virtual Machine Environments for Grid Computing, Cluster Computing, v.9 n.1, p.45-56, January 2006
	Ethan Miller , Darrell Long , William Freeman , Benjamin Reed, Strong Security for Network-Attached Storage, Proceedings of the 1st USENIX Conference on File and Storage Technologies, January 28-30, 2002, Monterey, CA
	Justin Cappos , Scott Baker , Jeremy Plichta , Duy Nyugen , Jason Hardies , Matt Borgard , Jeffry Johnston , John H. Hartman, Stork: package management for distributed VM environments, Proceedings of the 21st conference on 21st Large Installation System Administration Conference, p.1-16, November 11-16, 2007, Dallas
	Teemu Koponen , Mohit Chawla , Byung-Gon Chun , Andrey Ermolinskiy , Kye Hyun Kim , Scott Shenker , Ion Stoica, A data-oriented (and beyond) network architecture, ACM SIGCOMM Computer Communication Review, v.37 n.4, October 2007
	Renato J. Figueiredo , Nirav Kapadia , José A. B. Fortes, Seamless Access to Decentralized Storage Services in Computational Grids via a Virtual File System, Cluster Computing, v.7 n.2, p.113-122, April 2004
	Kevin R. B. Butler , Stephen E. McLaughlin , Patrick D. McDaniel, Non-volatile memory and disks:: avenues for policy architectures, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
	Avishay Traeger , Kumar Thangavelu , Erez Zadok, Round-trip privacy with nfsv4, Proceedings of the 2007 ACM workshop on Storage security and survivability, October 29-29, 2007, Alexandria, Virginia, USA
	Wei Li , Jianmin Liang , Zhiwei Xu, VegaFS: file sharing crossing multiple domains, International Journal of High Performance Computing and Networking, v.2 n.2-4, p.178-185, February 2004
	Chris Lesniewski-Laas , Bryan Ford , Jacob Strauss , Robert Morris , M. Frans Kaashoek, Alpaca: extensible authorization for distributed services, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	David G. Andersen , Hari Balakrishnan , Nick Feamster , Teemu Koponen , Daekyeong Moon , Scott Shenker, Accountable internet protocol (aip), ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Chris Lesniewski-Laas, A Sybil-proof one-hop DHT, Proceedings of the 1st workshop on Social network systems, p.19-24, April 01-01, 2008, Glasgow, Scotland
	Stefan Miltchev , Jonathan M. Smith , Vassilis Prevelakis , Angelos Keromytis , Sotiris Ioannidis, Decentralized access control in distributed file systems, ACM Computing Surveys (CSUR), v.40 n.3, p.1-30, August 2008
	Ashish Gehani , Surendar Chandra, Parameterized access control: from design to prototype, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey
	Justin Cappos , Justin Samuel , Scott Baker , John H. Hartman, A look in the mirror: attacks on package managers, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Kevin R.B. Butler , Stephen McLaughlin , Patrick D. McDaniel, Rootkit-resistant disks, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Aameek Singh , Ling Liu , Mustaque Ahamad, Privacy analysis and enhancements for data sharing in *nix systems, International Journal of Information and Computer Security, v.2 n.4, p.376-410, January 2009
	Kyriacos E. Pavlou , Richard T. Snodgrass, Forensic analysis of database tampering, ACM Transactions on Database Systems (TODS), v.33 n.4, p.1-47, November 2008
	Douglas Thain , Christopher Moretti, Efficient access to many samall files in a filesystem for grid computing, Proceedings of the 8th IEEE/ACM International Conference on Grid Computing, p.243-250, September 19-21, 2007
	Bengt Ahlgren , Matteo D'Ambrosio , Marco Marchisio , Ian Marsh , Christian Dannewitz , Börje Ohlman , Kostas Pentikousis , Ove Strandberg , René Rembarz , Vinicio Vercellone, Design considerations for a network of information, Proceedings of the 2008 ACM CoNEXT Conference, p.1-6, December 09-12, 2008, Madrid, Spain