Secure authorization and accounting for networked storage
In most of today's storage systems, data is stored distributed across various locations, and needs to be globally accessed and shared in an efficient manner. This has resulted in a surge of new storage paradigms starting from disk interfaces, intelligent storage devices, distributed architectures and even new economic models such as storage outsourcing. These trends are exposing the storage systems to an increased risk of security breaches. Towards alleviating some of the emerging security concerns, this dissertation contributes in the form of three systems: Saksha, SGFS, and CoreFS.
While outsourcing storage is cost-effective, many companies are hesitant to outsource their storage mainly due to trust and security concerns. Saksha enables automated and secure accounting of storage and bandwidth utilization without third-party intervention. By including Saksha as part of their service, providers will be able to give non-repudiable, publicly verifiable proofs of storage and bandwidth consumption. To the best of our knowledge, Saksha is the first accounting system that can be layered on the top of networked file systems. SGFS provides efficient authorization and cross-domain file sharing in the presence of network-attached intelligent storage devices. It is designed to support efficient and flexible cross-domain file sharing without administrative interference, policy management, and efficient revocation. To aid developers and researchers in building experimental file systems, which is usually laborious and time-consuming, we have developed CoreFS, a simple user-level networked file system. CoreFS is modular and lets a developer integrate specialized functions with the help of a simple API without changing the CoreFS code. Simplicity and extensibility of CoreFS were verified by building file systems for Saksha and SGFS, as well as an encrypting file system, and a peer-to-peer file system.
Through these systems, this dissertation strengthens the storage systems by providing secure and efficient mechanisms for authorization and accounting.