A cryptographic file system for UNIX

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A cryptographic file system for UNIX

Full text

Pdf (956 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 1st ACM conference on Computer and communications security table of contents

Fairfax, Virginia, United States

Pages: 9 - 16

Year of Publication: 1993

ISBN:0-89791-629-8

Author

Matt Blaze

AT&T Bell Laboratories, 101 Crawfords Corner Road, Room 4G-634, Holmdel, NJ

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 123, Citation Count: 60

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/168588.168590 What is a DOI?

ABSTRACT

Although cryptographic techniques are playing an increasingly important role in modern computing system security, user-level tools for encrypting file data are cumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) pushes encryption services into the file system itself. CFS supports secure storage at the system level through a standard Unix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key.This paper describes the design and implementation of CFS under Unix. Encryption techniques for file system-level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	John H. Howard , Michael L. Kazar , Sherri G. Menees , David A. Nichols , M. Satyanarayanan , Robert N. Sidebotham , Michael J. West, Scale and performance in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.51-81, Feb. 1988 [doi>10.1145/35037.35059]
	2	Kleiman, S.R., "Vnodes: An Architecture for Multiple File System Types in Sun UNIX." Proc. USENIX, Summer, 1986.
	3	Lacy, J., Mitchell, D., and Schell, W., "CryptoLib: A C Library of Routines for Cryptosystems." Proc. Fourth USENIX Security Workshop, October, 1993.
	4	Xuejia Lai , James L. Massey, A proposal for a new block encryption standard, Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology, p.389-404, February 1991, Aarhus, Denmark
	5	National Bureau of Standards, "Data Encryption Standard." FIPS Publication #46, NTIS, Apr. 1977.
	6	National Bureau of Standards, "Data Encryption Standard Modes of Operation." FIPS Publication #81, NTIS, Dec. 1980.
	7	Reiher, P. et. al., "Security Issues in the Truffles File System." Proc. PSRG Workshop on Network and Distributed System Security, 1993.
	8	Sandberg, R., Goldberg, D., Kleiman, S., Walsh, D., & Lyon, B. "Design and Implementation of the Sun Network File System." Proc. USENIX, Summer, 1985.

CITED BY 60

	Ashish Gehani , Surendar Chandra , Gershon Kedem, Augmenting storage with an intrusion response primitive to ensure the security of critical data, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
	Mark D. Corner , Brian D. Noble, Zero-interaction authentication, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA
	Matt Blaze, Key management in an encrypting file system, Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer 1994 Technical Conference, p.3-3, June 06-10, 1994, Boston, Massachusetts
	Radek Vingralek, GnatDb: a small-footprint, secure database system, Proceedings of the 28th international conference on Very Large Data Bases, p.884-893, August 20-23, 2002, Hong Kong, China
	Dalit Naor , Amir Shenhav , Avishai Wool, Toward securing untrusted storage without public-key operations, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	Stefan Ludwig , Winfried Kalfa, File system encryption with integrated user management, ACM SIGOPS Operating Systems Review, v.35 n.4, p.88-93, October 2001
	Hyochang Nam , Jong Kim , Sung Je Hong , Sunggu Lee, Secure checkpointing, Journal of Systems Architecture: the EUROMICRO Journal, v.48 n.8-10, p.237-254, March 2003
	Jean Mayo , Phil Kearns, A secure unrestricted advanced systems laboratory, ACM SIGCSE Bulletin, v.31 n.1, p.165-169, March 1999
	Brian D. Noble , Mark D. Corner, The case for transient authentication, Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC, July 01-01, 2002, Saint-Emilion, France
	Neerja Bhatnagar , Ethan L. Miller, Designing a secure reliable file system for sensor networks, Proceedings of the 2007 ACM workshop on Storage security and survivability, October 29-29, 2007, Alexandria, Virginia, USA
	Giuseppe Cattaneo , Luigi Catuogno , Aniello Del Sorbo , Pino Persiano, The Design and Implementation of a Transparent Cryptographic File System for UNIX, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.199-212, June 25-30, 2001
	Richard P. Spillane , Charles P. Wright , Gopalan Sivathanu , Erez Zadok, Rapid file system development using ptrace, Experimental computer science on Experimental computer science, p.23-23, June 13-14, 2007, San Diego
	Terry Benzel , Robert Braden , Dongho Kim , Clifford Neuman , Anthony Joseph , Keith Sklower , Ron Ostrenga , Stephen Schwab, Design, deployment, and use of the DETER testbed, Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007, p.1-1, August 06-07, 2007, Boston, MA
	Christian D. Jensen, CryptoCache: a secure sharable file cache for roaming users, Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, September 17-20, 2000, Kolding, Denmark
	Mark D. Corner , Brian D. Noble, Protecting file systems with transient authentication, Wireless Networks, v.11 n.1-2, p.7-19, January 2005
	Avishay Traeger , Kumar Thangavelu , Erez Zadok, Round-trip privacy with nfsv4, Proceedings of the 2007 ACM workshop on Storage security and survivability, October 29-29, 2007, Alexandria, Virginia, USA
	Tae-Kyou Park , Ilkyeun Ra, SPECS: smart partial enciphering service for accessing encrypted files with efficient and transparent, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Simson L. Garfinkel , Abhi Shelat, Remembrance of Data Passed: A Study of Disk Sanitization Practices, IEEE Security and Privacy, v.1 n.1, p.17-27, January 2003
	Erez Zadok , Ion Badulescu , Alex Shender, Extending file systems using stackable templates, Proceedings of the Annual Technical Conference on 1999 USENIX Annual Technical Conference, p.5-5, June 06-11, 1999, Monterey, California
	Ravi Chandra Jammalamadaka , Roberto Gamboni , Sharad Mehrotra , Kent E. Seamons , Nalini Venkatasubramanian, iDataGuard: middleware providing a secure network drive interface to untrusted internet data storage, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Richard P. Spillane , Charles P. Wright , Gopalan Sivathanu , Erez Zadok, Rapid file system development using ptrace, Proceedings of the 2007 workshop on Experimental computer science, p.22-es, June 13-14, 2007, San Diego, California
	Christian Payne, A cryptographic access control architecture secure against privileged attackers, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
	Gopalan Sivathanu , Charles P. Wright , Erez Zadok, Ensuring data integrity in storage: techniques and applications, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
	David Mazières , Dennis Shasha, Building secure file systems out of byzantine storage, Proceedings of the twenty-first annual symposium on Principles of distributed computing, July 21-24, 2002, Monterey, California
	Erik Riedel , Mahesh Kallahalla , Ram Swaminathan, A Framework for Evaluating Storage System Security, Proceedings of the 1st USENIX Conference on File and Storage Technologies, January 28-30, 2002, Monterey, CA
	Ethan Miller , Darrell Long , William Freeman , Benjamin Reed, Strong Security for Network-Attached Storage, Proceedings of the 1st USENIX Conference on File and Storage Technologies, January 28-30, 2002, Monterey, CA
	Ming Zhao , Renato J. Figueiredo, A user-level secure grid file system, Proceedings of the 2007 ACM/IEEE conference on Supercomputing, November 10-16, 2007, Reno, Nevada
	Jaeheung Lee , Junyoung Heo , Yookun Cho , Jiman Hong , Sung Y. Shin, Secure deletion for NAND flash file system, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
	David Mazières, A Toolkit for User-Level File Systems, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.261-274, June 25-30, 2001
	Jim Chow , Ben Pfaff , Tal Garfinkel , Mendel Rosenblum, Shredding your garbage: reducing data lifetime through secure deallocation, Proceedings of the 14th conference on USENIX Security Symposium, p.22-22, July 31-August 05, 2005, Baltimore, MD
	Bogdan C. Popescu , Bruno Crispo , Andrew S. Tanenbaum, Secure data replication over untrusted hosts, Proceedings of the 9th conference on Hot Topics in Operating Systems, p.21-21, May 18-21, 2003, Lihue, Hawaii
	Kevin R. B. Butler , Stephen E. McLaughlin , Patrick D. McDaniel, Non-volatile memory and disks:: avenues for policy architectures, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
	Naomaru Itoi, SC-CFS: smartcard secured cryptographic file system, Proceedings of the 10th conference on USENIX Security Symposium, p.20-20, August 13-17, 2001, Washington, D.C.
	Niels Provos, Encrypting virtual memory, Proceedings of the 9th conference on USENIX Security Symposium, p.3-3, August 14-17, 2000, Denver, Colorado
	Wei Li , Jianmin Liang , Zhiwei Xu, VegaFS: file sharing crossing multiple domains, International Journal of High Performance Computing and Networking, v.2 n.2-4, p.178-185, February 2004
	Anthony Harrington , Christian Jensen, Cryptographic access control in a distributed file system, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Naomaru Itoi, SC-CFS: smartcard secured cryptographic file system, Proceedings of the 10th conference on USENIX Security Symposium, p.20-20, August 13-17, 2001, Washington, D.C.
	Celia Li , Cungang Yang , Richard Cheung, Key management for role hierarchy in distributed systems, Journal of Network and Computer Applications, v.30 n.3, p.920-936, August, 2007
	Charles P. Wright , Nikolai Joukov , Devaki Kulkarni , Yevgeniy Miretskiy , Erez Zadok, Auto-pilot: a platform for system software benchmarking, Proceedings of the USENIX Annual Technical Conference 2005 on USENIX Annual Technical Conference, p.53-53, April 10-15, 2005, Anaheim, CA
	Mais Nijim , Xiao Qin , Tao Xie, Modeling and improving security of a local disk system for write-intensive workloads, ACM Transactions on Storage (TOS), v.2 n.4, p.400-423, November 2006
	Jim Chow , Ben Pfaff , Tal Garfinkel , Kevin Christopher , Mendel Rosenblum, Understanding data lifetime via whole system simulation, Proceedings of the 13th conference on USENIX Security Symposium, p.22-22, August 09-13, 2004, San Diego, CA
	Theo de Raadt , Niklas Hallqvist , Artur Grabowski , Angelos D. Keromytis , Niels Provos, Cryptography in OpenBSD: an overview, Proceedings of the Annual Technical Conference on 1999 USENIX Annual Technical Conference, p.33-33, June 06-11, 1999, Monterey, California
	Mahesh Kallahalla , Erik Riedel , Ram Swaminathan , Qian Wang , Kevin Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
	Atul Adya , William J. Bolosky , Miguel Castro , Gerald Cermak , Ronnie Chaiken , John R. Douceur , Jon Howell , Jacob R. Lorch , Marvin Theimer , Roger P. Wattenhofer, Farsite: federated, available, and reliable storage for an incompletely trusted environment, Proceedings of the 5th symposium on Operating systems design and implementation Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading , December 09-11, 2002, Boston, Massachusetts
	Zachary N. J. Peterson , Randal Burns , Joe Herring , Adam Stubblefield , Aviel D. Rubin, Secure deletion for a versioning file system, Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies, p.11-11, December 13-16, 2005, San Francisco, CA
	John Kubiatowicz , David Bindel , Yan Chen , Steven Czerwinski , Patrick Eaton , Dennis Geels , Ramakrishan Gummadi , Sean Rhea , Hakim Weatherspoon , Westley Weimer , Chris Wells , Ben Zhao, OceanStore: an architecture for global-scale persistent storage, ACM SIGPLAN Notices, v.35 n.11, p.190-201, Nov. 2000
	Jinyuan Li , Maxwell Krohn , David Mazières , Dennis Shasha, Secure untrusted data repository (SUNDR), Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.9-9, December 06-08, 2004, San Francisco, CA
	John Kubiatowicz , David Bindel , Yan Chen , Steven Czerwinski , Patrick Eaton , Dennis Geels , Ramakrishna Gummadi , Sean Rhea , Hakim Weatherspoon , Chris Wells , Ben Zhao, OceanStore: an architecture for global-scale persistent storage, ACM SIGARCH Computer Architecture News, v.28 n.5, p.190-201, Dec. 2000
	Atul Adya , William J. Bolosky , Miguel Castro , Gerald Cermak , Ronnie Chaiken , John R. Douceur , Jon Howell , Jacob R. Lorch , Marvin Theimer , Roger P. Wattenhofer, Farsite: federated, available, and reliable storage for an incompletely trusted environment, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
	Shiva Chaitanya , Kevin Butler , Anand Sivasubramaniam , Patrick McDaniel , Murali Vilayannur, Design, implementation and evaluation of security in iSCSI-based network storage systems, Proceedings of the second ACM workshop on Storage security and survivability, October 30-30, 2006, Alexandria, Virginia, USA
	Gopalan Sivathanu , Swaminathan Sundararaman , Erez Zadok, Type-safe disks, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
	Kevin Borders , Xin Zhao , Atul Prakash, Securing sensitive content in a view-only file system, Proceedings of the ACM workshop on Digital rights management, October 30-30, 2006, Alexandria, Virginia, USA
	Giuseppe Ateniese , Kevin Fu , Matthew Green , Susan Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.1-30, February 2006
	André Zúquete , Paulo Guedes, Transparent Authentication and Confidentiality for Stream Sockets, IEEE Micro, v.16 n.3, p.34-41, June 1996
	Erez Zadok , Rakesh Iyer , Nikolai Joukov , Gopalan Sivathanu , Charles P. Wright, On incremental file system development, ACM Transactions on Storage (TOS), v.2 n.2, p.161-196, May 2006
	Paul Dourish , E. Grinter , Jessica Delgado de la Flor , Melissa Joseph, Security in the wild: user strategies for managing security as an everyday, practical problem, Personal and Ubiquitous Computing, v.8 n.6, p.391-401, November 2004
	Srivaths Ravi , Anand Raghunathan , Paul Kocher , Sunil Hattangady, Security in embedded systems: Design challenges, ACM Transactions on Embedded Computing Systems (TECS), v.3 n.3, p.461-491, August 2004
	Sergej Zerr , Elena Demidova , Daniel Olmedilla , Wolfgang Nejdl , Marianne Winslett , Soumyadeb Mitra, Zerber: r-confidential indexing for distributed documents, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Benjamin C. Reed , Edward G. Chron , Randal C. Burns , Darrell D. E. Long, Authenticating Network-Attached Storage, IEEE Micro, v.20 n.1, p.49-57, January 2000
	Vishal Kher , Yongdae Kim, Securing distributed storage: challenges, techniques, and systems, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA