Skip to main content
SpringerLink
Log in

Corslet: A shared storage system keeping your data private

  • Research Papers
  • Special Focus
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

Abstract

With the exponential growth of digital data, it is becoming more and more popular to store data in shared distributed storage systems inside the same organization. In such shared distributed storage systems, an ordinary user usually does not have the control permission over the whole system, and thus cannot secure data storage or data sharing of his own files. To solve this issue, this paper proposes a new system architecture to secure file storing and sharing efficiently over untrusted shared storage and network environments. Based on this architecture, this paper designs and implements a stackable secure storage system called Corslet. Corslet can run directly on deployed underlying storage systems without modification, while bringing end-to-end confidentiality and integrity as well as efficient access control for user data. For individual users, Corslet is easy to use, and does not require users to maintain or manage any keys on their client machines locally. The Bonnie++ and IOzone benchmark results show that the throughput of Corslet over NFS can achieve more than 90% of native NFS throughput in most tests, proving that Corslet can provide enhanced security for user data while maintaining acceptable performance.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Sandberg R, Goldberg D, Kleiman S, et al. Design and implementation of the SUN network filesystem. In: Proceedings of the Summer USENIX Conference, Portland, USA, 1985. 119–130

  2. Callaghan B, Pawlowski B, Staubach P. NFS version protocol specification. RFC 1813, 1995

  3. Braam P J. The Lustre storage architecture. http://www.lustre.org/documentation.html

  4. Braam P J. The Lustre storage architecture. Cluster File Systems, Inc., Aug. 2004. http://www.lustre.org/documentation.html

  5. Amazon.com. Amazon simple storage service (Amazon S3). http://aws.amazon.com/s3

  6. Weil S A, Brandt S A, Miller E L, et al. Ceph: A scalable, high-performance distributed file system. In: Proceedings of OSDI, Seattle, USA, 2006. 22

  7. Hasan R, Myagmar S, Lee A J, et al. Toward a threat model for storage systems. In: Proceedings of StorageSS, Fairfax, USA, 2005. 94–102

  8. Data Breach Investigation Report, Verizon, 2010. http://www.verizonbusiness.com/resources/reports/rp-2010-databreach-report-en-xg.pdf

  9. Kallahalla M, Riedel E, Swaminathan R, et al. Plutus-scalable secure file sharing on untrusted storage. In: Proceedings of the 2nd USENIX File and Storage Technologies, San Francisco, USA, 2003

  10. Riedel E, Kallahalla M, Swaminathan R. A framework for evaluating storage system security. In: Proceedings of FAST, Monterey, USA, 2002. 15–30

  11. Fu K. Group sharing and random access in cryptographic storage file systems. Dissertation for Master’s Degree. Cambridge: Massachusetts Institute of Technology, 1999

    Google Scholar 

  12. PKI. http://datatracker.ietf.org/wg/pkix/charter/

  13. Goh E, Shacham H, Modadugu N, et al. SiRiUS: Securing remote untrusted storage. In: Proceedings of the 10th Network and Distributed Systems Security Symposium, San Diego, USA, 2003. 131–145

  14. Merkle R C. A digital signature based on a conventional encryption function. In: Proceedings of CRYPTO’87, Santa Barbara, USA, 1987. 369–378

  15. Geron E, Wool A. CRUST: Cryptographic remote untrusted storage without public keys. In: Proceedings of the 4th International IEEE Security in Storage Workshop, San Diego, USA, 2007. 357–377

  16. Szeredi M. Filesystem in userspace. http://fuse.sourceforge.net

  17. OpenSSL Project. http://www.openssl.org/

  18. NIST. Secure hash standard. Federal Information Processing Standards, FIPS PUB 180-2, 2004

  19. Krawczyk H, Bellare M, Canetti R. HMAC: Keyed-hashing for message authentication. RFC 2104, 1997

  20. NIST. Advanced encryption standard. Federal Information Processing Standards, FIPS PUB 197, 2001

  21. SSL/TLS. http://tools.ietf.org/html/rfc5246

  22. Blaze M. A cryptographic file system for Unix. In: Proceedings of the ACM Conference on Computer and Communications Security, Fairfax, USA, 1993. 9–16

  23. Zadok E, Badulescu I, Shender A. Cryptfs: A stackable vnode level encryption file system. Technical Report CUCS-021-98. 1998

  24. Bindel D, Chew M, Wells C. Extended cryptographic file system. Unpublished manuscript, 1999

  25. Cattaneo G, Catuogno L, Sorbo A D, et al. The design and implementation of a transparent cryptographic filesystem for Unix. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, Berkeley, USA, 2001. 199–212

  26. Halcrow M. eCryptfs: A stacked cryptographic filesystem. Linux J, 2007, 156: 2

    Google Scholar 

  27. O’shanahan D P. CryptosFS: Fast cryptographic secure NFS. Dissertation for Master’s Degree. Dublin: University of Dublin, 2000

    Google Scholar 

  28. Kubiatowicz J, Bindel D, Chen Y, et al. Oceanstore: An architecture for global-scale persistent storage. In: Proceedings of ASPLOS, Cambridge, USA, 2000. 190–201

  29. Adya A, Bolosky W, Castro M, et al. FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In: Proceedings of OSDI, Boston, USA, 2002. 1–14

  30. Miller E, Long D, Freeman W, et al. Strong security for network-attached storage. In: Proceedings of FAST, Monterey, USA, 2002. 1–13

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Technology, Tsinghua University, Beijing, 100084, China

    Wei Xue, JiWu Shu, Yang Liu & Mao Xue

  2. Tsinghua National Laboratory for Information Science and Technology, Tsinghua University, Beijing, 100084, China

    Wei Xue & JiWu Shu

Authors
  1. Wei Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. JiWu Shu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mao Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wei Xue.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Xue, W., Shu, J., Liu, Y. et al. Corslet: A shared storage system keeping your data private. Sci. China Inf. Sci. 54, 1119–1128 (2011). https://doi.org/10.1007/s11432-011-4259-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11432-011-4259-y

Keywords

Search

Navigation