SAFIUS - A secure accountable filesystem over untrusted storage
Abstract
With storage data requirements growing at around 40% every year, the entities that control the data are different from the entities that consume it. The drastic growth in storage requirements and the ubiquitous accessibility of data require a re-examination of traditional storage architectures. One possible model for tackling storage data growth is outsourcing of storage service and storage maintenance, which forces the storage to be treated as an untrusted entity. This thesis proposes SAFIUS, an architecture for a secure, accountable distributed filesystem that can reside over untrusted storage. The design leverages trust in a lock server to provide secure access to data residing on untrusted storage for a large number of independently managed fileservers that do not mutually trust each other. Blocks are addressed by their content hashes, exploiting the write-once property and guaranteeing integrity, while the trusted lock server provides freshness. Accountability is required so that two mutually distrusting entities in the system cannot repudiate their actions; accountability is achieved with signatures (through public key cryptography). SAFIUS introduces a pruning mechanism by which the persistent state needed for guaranteeing non-repudiation is proportional to the number of blocks stored rather than the number of operations performed. The threat model of SAFIUS prevents recovery of a failed node by another node; hence the nodes modify global state atomically and recover from failures independently. Preliminary performance studies with SAFIUS show that SAFIUS is around 150% of OpenGFS in data-intensive workloads and outperforms OpenGFS in metadata-intensive workloads.
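As an added illustration of the abstract's point that content-hash addressing guarantees integrity while only the trusted lock server can guarantee freshness (a constructed model, not SAFIUS's own code; the store, its directory and the lock-server dictionary are assumed names):

```python
import hashlib

def content_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class UntrustedStore:
    """Untrusted storage (constructed model): content-addressed blocks plus a
    name -> root-hash directory; either may be tampered with or rolled back."""
    def __init__(self):
        self.blocks, self.directory = {}, {}
    def put(self, name: str, data: bytes) -> str:
        h = content_hash(data)
        self.blocks[h] = data          # write-once: same content, same address
        self.directory[name] = h
        return h

def read_block(store: UntrustedStore, h: str) -> bytes:
    data = store.blocks[h]
    if content_hash(data) != h:        # integrity: bytes must match their address
        raise ValueError("integrity failure for block " + h)
    return data

def read_without_lockserver(store: UntrustedStore, name: str) -> bytes:
    # Hashes alone cannot tell a stale-but-genuine root from the current one.
    return read_block(store, store.directory[name])

def read_with_lockserver(store: UntrustedStore, lock: dict, name: str) -> bytes:
    # `lock` stands in for the trusted lock server: name -> current root hash.
    h = lock[name]                     # freshness: trusted pointer to the newest root
    if store.directory.get(name) != h:
        raise ValueError("freshness failure: stale root served for " + name)
    return read_block(store, h)

def raises(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True

def demo() -> dict:
    store, lock = UntrustedStore(), {}
    lock["f"] = v1 = store.put("f", b"version 1")
    lock["f"] = v2 = store.put("f", b"version 2")
    store.directory["f"] = v1          # rollback: directory points at the old root
    out = {"stale_read": read_without_lockserver(store, "f")}
    out["rollback_detected"] = raises(lambda: read_with_lockserver(store, lock, "f"))
    store.blocks[v2] = b"version X"    # tampering: altered bytes behind a genuine address
    out["tamper_detected"] = raises(lambda: read_block(store, v2))
    return out
```

The stale read passes the hash check unnoticed, which is exactly why SAFIUS keeps freshness at the trusted lock server rather than on the storage.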