Formal Analysis of Dynamic, Distributed File-System Access Controls

  • Avik Chaudhuri
  • Martín Abadi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4229)


We model networked storage systems with distributed, cryptographically enforced file-access control in an applied pi calculus. The calculus contains cryptographic primitives and supports file-system constructs, including access revocation. We establish that the networked storage systems implement simpler, centralized storage specifications with local access-control checks. More specifically, we prove that the former systems preserve safety properties of the latter systems. Focusing on security, we then derive strong secrecy and integrity guarantees for the networked storage systems.
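As an added worked example (not the paper's calculus, model or code), the refinement claim above can be exercised concretely: it assumes a NASD-style scheme in which a trusted manager issues HMAC-authenticated capabilities, the storage device checks them locally, and revocation bumps a per-file epoch; replaying one constructed trace on both the centralized specification and the networked implementation shows their access decisions agree, while stale and tampered capabilities are refused by the device. All class and function names (CentralizedSpec, Disk, NetworkedStorage, run) and the ACL, trace and key are constructed for this example.

```python
import hmac, hashlib
class CentralizedSpec:
    """Specification: one trusted server checks the ACL locally on every request."""
    def __init__(self, acl):
        self.acl = {f: {u: set(r) for u, r in a.items()} for f, a in acl.items()}
    def revoke(self, f, user):
        self.acl[f].pop(user, None)
    def access(self, user, f, op):
        return op in self.acl.get(f, {}).get(user, set())
class Disk:
    """Storage device on the untrusted network: it accepts only a valid MAC carrying the current epoch."""
    def __init__(self, key, files):
        self.key, self.epoch = key, {f: 0 for f in files}
    def access(self, cap, op):
        body, tag = cap or (b"", b"")  # None: the client holds no capability at all
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            return False  # forged or tampered capability
        f, epoch, rights = body.decode().split("|")
        return int(epoch) == self.epoch.get(f) and op in rights.split(",")  # stale after revocation

class NetworkedStorage:
    """Implementation: a manager issues capabilities, the disk enforces them, revocation bumps the epoch."""
    def __init__(self, acl, key=b"constructed-shared-key"):  # key shared by manager and disk (constructed)
        self.acl = {f: {u: set(r) for u, r in a.items()} for f, a in acl.items()}
        self.key, self.disk, self.epoch, self.caps = key, Disk(key, acl), {f: 0 for f in acl}, {}
    def capability(self, user, f):
        rights = self.acl.get(f, {}).get(user)
        if not rights:
            return None
        body = f"{f}|{self.epoch[f]}|{','.join(sorted(rights))}".encode()
        return body, hmac.new(self.key, body, hashlib.sha256).digest()
    def revoke(self, f, user):
        self.acl[f].pop(user, None)
        self.epoch[f] = self.disk.epoch[f] = self.epoch[f] + 1  # new epoch sent to the disk (assumed authenticated channel)
    def access(self, user, f, op):
        cap = self.caps.get((user, f))  # clients cache capabilities and replay them
        if not self.disk.access(cap, op):  # missing, stale or insufficient: ask the manager again
            cap = self.caps[(user, f)] = self.capability(user, f)
        return self.disk.access(cap, op)
def run(system, trace):
    """Replay ('access', user, f, op) / ('revoke', f, user) events; return the access decisions."""
    out = []
    for ev in trace:
        if ev[0] == "revoke": system.revoke(ev[1], ev[2])
        else: out.append(system.access(*ev[1:]))
    return out
ACL = {"f1": {"alice": ["read", "write"], "bob": ["read"]}}  # constructed sample ACL
TRACE = [("access", "alice", "f1", "write"), ("access", "bob", "f1", "read"), ("access", "bob", "f1", "write"),
         ("revoke", "f1", "bob"), ("access", "bob", "f1", "read"), ("access", "alice", "f1", "read")]  # constructed
```

Running `run(NetworkedStorage(ACL), TRACE)` and `run(CentralizedSpec(ACL), TRACE)` on this trace yields the same decisions, which is the safety relation the abstract proves in general; only the specification's local ACL check is trusted, the disk relies on the MAC and epoch alone.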





Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Avik Chaudhuri (1)
  • Martín Abadi (1, 2)
  1. Computer Science Department, University of California, Santa Cruz
  2. Microsoft Research, Silicon Valley
