Don't trust your file server

David Mazières, Dennis Shasha

Research output: Contribution to conferencePaperpeer-review

Abstract

All too often, decisions about whom to trust in computer systems are driven by the needs of system management rather than data security. In particular, data storage is often entrusted to people who have no role in creating or using the data-through outsourcing of data management, hiring of outside consultants to administer servers, or even collocation servers in physically insecure machine rooms to gain better network connectivity. This paper outlines the design of SUNDR, a network file system designed to run or untrusted servers. SUNDR servers can safely be managed by people who have no permission to read or write data stored in the file system. Thus, people can base their trust decisions on who needs to use data and their administrative decisions on how best to manage the data. Moreover, with SUNDR, attackers will no longer be able to wreak havoc by compromising servers and tampering with data. They will need to compromise clients while legitimate users are logged on. Since clients do not need to accept incoming network connections, they can more easily be firewalled and protected from compromise than servers.

Original languageEnglish (US)
Pages113-118
Number of pages6
StatePublished - 2001
Event8th Workshop on Hot Topics in Operating Systems (HOTOS-VIII) - Elmau, Germany
Duration: May 20 2001May 22 2001

Other

Other8th Workshop on Hot Topics in Operating Systems (HOTOS-VIII)
Country/TerritoryGermany
CityElmau
Period5/20/015/22/01

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Don't trust your file server'. Together they form a unique fingerprint.

Cite this