NCryptfs: The New Stackable Encryption File System

Often, increased security comes at the expense of user convenience, performance, or compatibility with other systems. The right level of security depends on specific site and user needs, which must be carefully balanced. In this project we design and build a new cryptographic file system called NCryptfs with the primary goal of allowing users to tailor the level of security vs. convenience to fit their needs. Some of the features NCryptfs supports include multiple concurrent ciphers (software and hardware ciphers) and authentication methods, separate per-user name spaces, ad-hoc groups, challenge-response authentication, and transparent process suspension and resumption based on key validity. Our Linux prototype works as a stackable file system and can be used to secure any file system. Performance evaluation of NCryptfs shows a minimal user-visible overhead.

Journal Articles:

# Title (click for html version) Formats Published In Date Comments
1 On Incremental File System Development PS PDF BibTeX ACM Transactions on Storage (TOS) May 2006  

Conference and Workshop Papers:

# Title (click for html version) Formats Published In Date Comments
1 Cryptographic File Systems Performance: What You Don't Know Can Hurt You PS PDF BibTeX 2003 IEEE Security In Storage Workshop (SISW 2003) Oct 2003  
2 NCryptfs: A Secure and Convenient Cryptographic File System PS PDF BibTeX Slides Usenix Technical Conference, General Track Jun 2003  

Technical Reports:

# Title (click for html version) Formats Published In Date Comments
1 Enhancing File System Integrity Through Checksums PS PDF BibTeX Stony Brook U. CS TechReport FSL-04-04 May 2004  
2 Operating System Support for Extensible Secure File Systems PS PDF BibTeX Stony Brook U. CS TechReport FSL-04-02 May 2004 Ph.D. Research Proficiency Exam (RPE)
3 Cryptographic File Systems Performance: What You Don't Know Can Hurt You PS PDF BibTeX Stony Brook U. CS TechReport FSL-03-02 Aug 2003 Slightly expanded version of SISW'03 paper with same title.
4 Cryptfs: A Stackable Vnode Level Encryption File System PS PDF BibTeX Columbia U. CS TechReport CUCS-021-98 Jun 1998 This tech-report had been cited more than 15 times before the new version of the work was published -- NCryptfs.

Past Students:

# Name (click for home page) Program Period Current Location
1 Charles P. Wright PhD May 2003 - May 2006 Research Staff Member, Network Server Systems Software group, IBM T. J. Watson Research Center (Hawthorne, NY)
2 Jay Pradip Dave MS May 2003 - Dec 2003 Software Design Engineer in Test (SDET), Windows Security and Access Control team (WSAC), Windows Security group, Core Operating Systems Division (COSD), Microsoft (Seattle, WA)
3 Puja Gupta MS Jan 2003 - Dec 2003 File Systems Engineer, Apple (Cupertino, CA)
4 Swaroop Karunakara MS Sep 2002 - Dec 2003 Project lead, Server Development team, Oracle India (Bangalore, India)
5 Michael Martino MS May 2002 - May 2003 Stony Brook U. MBA program (Stony Brook, NY)
6 Kiran-Kumar Muniswamy-Reddy MS Jan 2002 - May 2004 Harvard University CS Ph.D. program (Cambridge, MA)
7 Sheshadri Sreenath MS Sep 2002 - May 2003 Senior Software Engineer, Intrushield Sensor (Embedded) team, McAfee India Development Center (Bangalore, India)
8 Charles P. Wright BS (Honors) Dec 2001 - May 2003 Research Staff Member, Network Server Systems Software group, IBM T. J. Watson Research Center (Hawthorne, NY)

Sponsors:

# Sponsor Amount Period Type Title (click for award abstract)
1 NSF Trusted Computing (TC) $400,000 2003-2006 Sole PI A Layered Approach to Securing Network File Systems
2 HP/Intel $131,529 2002-2003 Sole PI Linux Application Performance and File System Security
3 HP/Intel $22,490 2001-2002 Sole PI Linux Network Scalability and File System Reliability

(Last updated: Thu May 10 17:15:14 EDT 2007)