SafeFS: a modular architecture for secure user-space file systems

Pontes, Rogério; Burihabwa, Dorian; Maia, Francisco; Paulo, João; Schiavoni, Valerio; Felber, Pascal; Mercier, Hugues; Oliveira, Rui

doi:10.1145/3078468.3078480

Cited by 16 publications

(22 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other solutions like TrueCrypt [31], and dm-crypt [32] operate as a block device layer to encrypt the entire file system into a single container. Nevertheless, despite the high performance feature provided by the kernel-space file systems, implementing them with complex behavior, such as encryption, is a challenging task that requires extensive modification to the kernel structure [12]. These file systems are designed to mount over the internal storage devices to protect all its contents on-the-fly.…”

Section: Related Workmentioning

confidence: 99%

“…Five levels are used for representing the required security properties of each scheme. The level is assigned by evaluating the features of the scheme and considering the evaluation results in the literature [12,47,48] that correspond to the security property. The scheme with more stars indicates its ability to achieve the security property.…”

Section: Attack Resistancementioning

confidence: 99%

“…The cryptographic file system can be built as a layer inside the kernel space of the operating system [9,10]. It can also be implemented as a file system in user space using FUSE technology [11] to build a cryptographic file system on top of local or remote storage systems [12,13,14]. Other schemes use a cloud-backed file system, such as S3FS [15], BlueSky [16], S3QL [17], which are implemented on remote file systems to provide encryption services to stored data in one or multiple clouds.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Secure Outsourcing and Sharing of Cloud Data Using a User-Side Encrypted File System

Khashan

2020

IEEE Access

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Section: Attack Resistancementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure Outsourcing and Sharing of Cloud Data Using a User-Side Encrypted File System

Khashan

2020

IEEE Access

View full text Add to dashboard Cite

“…Finally, we look at how storage overhead can be tamed beyond with better compression gains than classic data reduction techniques without sacrificing on performance. [32,34,31] Chapter 4 First and fully functional implementation of STeP [17,141] Chapter 5 Implementation and evaluation of a framework for stackable user-space file systems [207,33] Chapter 6 Integration and evalution of a data deduplication scheme in user-space file system [183] 1.…”

Section: Taming Storage Overhead With Practical and Efficient Data Rementioning

confidence: 99%

“…• SafeFS [207], a modular framework for stackable file systems in user-space. This work was led by Rogério Pontes with the collaboration of Francisco Maia, João Paulo, Rui Oliveira, Pascal Felber, Valerio Schiavoni and Hugues Mercier.…”

Section: Contributionsmentioning

confidence: 99%

Erasure coding for distributed storage systems

Burihabwa¹

Self Cite

View full text Add to dashboard Cite

Cloud storage has durably entered the stage as go-to solution for business and personal storage. Virtually extending storage capabilities to infinity, cloud storage enables companies and individuals to focus on content creation without fear of running out of space or losing data. But as users entrust more and more data to the cloud, they also have to accept a loss of control over the data they o˜oad to the cloud. At a time when online services seem to be making a significant part of their profits by exploiting customer data, concerns over privacy and integrity of said data naturally arise. Are their online documents read by the storage provider or its employees? Is the content of these documents shared with third party partners of the storage provider? What happens if the provider goes bankrupt? Whatever answer can be o˙ered by the storage provider, the loss of control should be cause for concern. But storage providers also have to worry about trust and reliability. As they build distributed solutions to accommodate their customers’ needs, these concerns of control extend to the infrastructure they operate on. Conciliating security, confidentiality, resilience and perform-ance over large sets of distributed storage nodes is a tricky balancing act. And even when a suitable balance can be found, it is often done at the expense of increased storage overhead. In this dissertation, we try to mitigate these issues by focusing on three aspects. First, we study solutions to empower users with flexible tooling ensuring security, integrity and redundancy in distributed storage settings. By leveraging public cloud storage o˙erings to build a configurable file system and storage middleware, we show that securing cloud-storage from the client-side is an e˙ective way maintaining control. Second, we build a distributed archive whose resilience goes beyond standard redundancy schemes. To achieve this, we implement Recast, relying on a data entanglement scheme, that encodes and distributes data over a set of storage nodes to ensure durability at a manageable cost. Finally, we look into o˙setting the increase in storage overhead by means of data reduction. This is made possible by the use of Generalised Deduplication, a scheme that improves over classical data deduplication by detecting similarities beyond exact matches.

show abstract

Defuse: Decoupling Metadata and Data Processing in FUSE Framework for Performance Improvement

2019

View full text Add to dashboard Cite

A popular user-space file system framework, FUSE, has been widely used for building various customized file systems(cFS) on top of the underlying kernel file system(kFS). A FUSE-based cFS gains adequate flexibility by developing its specific functions in user space, but brings extra user-kernel mode switches in the request processing flow owing to forwarding all requests from the FUSE kernel driver to the user-space daemon, thus degrading the overall performance. We observe that a file data request does not need to forward to the user-space daemon when its file-to-file mapping between the FUSE-based cFS and the underlying kFS remains unchanged. Based on the insight, we propose a modified FUSE framework -DeFUSE that decouples the processing flow of the metadata and data requests. The metadata requests still follow the original flow to reserve flexibility while the data requests are directly executed in the DeFUSE kernel driver maintaining the file-to-file mappings in the kernel, effectively eliminating the unnecessary mode switches. We have implemented the DeFUSE framework and ported three representative FUSE-based cFSs to DeFUSE. The result shows that for data-centric workloads, the throughput of DeFUSE-based cFSs increases up to 3.5X for write and 3.8X for read respectively, compared to their corresponding FUSE-based implementations. DeFUSE is available on Github.

show abstract

SafeFS: a modular architecture for secure user-space file systems

Cited by 16 publications

References 20 publications

Secure Outsourcing and Sharing of Cloud Data Using a User-Side Encrypted File System

Secure Outsourcing and Sharing of Cloud Data Using a User-Side Encrypted File System

Erasure coding for distributed storage systems

Defuse: Decoupling Metadata and Data Processing in FUSE Framework for Performance Improvement

Contact Info

Product

Resources

About