San Diego, California, USA
Sept. 24, 2007 to Sept. 27, 2007
Roman Pletka , AdNovum Informatik AG, Switzerland
Christian Cachin , IBM Zurich Research Laboratory, Switzerland
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSST.2007.10
Storage systems are increasingly subject to attacks. Cryptographic file systems mitigate the danger of exposing data by using encryption and integrity protection methods and guarantee end-to-end security for their clients. This paper describes a generic design for cryptographic file systems and its realization in a distributed storage-area network (SAN) file system. Key management is integrated with the meta-data service of the SAN file system. The implementation supports file encryption as well as integrity protection through hash trees. Both techniques have been implemented in the client file system driver. Benchmarks demonstrate that the overhead is noticeable for some artificially constructed use cases, but that it is very small for typical file system applications.
Roman Pletka, Christian Cachin, "Cryptographic Security for a High-Performance Distributed File System", MSST, 2007, Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on, Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on 2007, pp. 227-232, doi:10.1109/MSST.2007.10