Don't trust your file server

David Mazières, Dennis Shasha

Research output: Contribution to conferencePaperpeer-review


All too often, decisions about whom to trust in computer systems are driven by the needs of system management rather than data security. In particular, data storage is often entrusted to people who have no role in creating or using the data-through outsourcing of data management, hiring of outside consultants to administer servers, or even collocation servers in physically insecure machine rooms to gain better network connectivity. This paper outlines the design of SUNDR, a network file system designed to run or untrusted servers. SUNDR servers can safely be managed by people who have no permission to read or write data stored in the file system. Thus, people can base their trust decisions on who needs to use data and their administrative decisions on how best to manage the data. Moreover, with SUNDR, attackers will no longer be able to wreak havoc by compromising servers and tampering with data. They will need to compromise clients while legitimate users are logged on. Since clients do not need to accept incoming network connections, they can more easily be firewalled and protected from compromise than servers.

Original languageEnglish (US)
Number of pages6
StatePublished - 2001
Event8th Workshop on Hot Topics in Operating Systems (HOTOS-VIII) - Elmau, Germany
Duration: May 20 2001May 22 2001


Other8th Workshop on Hot Topics in Operating Systems (HOTOS-VIII)

ASJC Scopus subject areas

  • General Computer Science


Dive into the research topics of 'Don't trust your file server'. Together they form a unique fingerprint.

Cite this