Secure Network File Systems

In this project we consider techniques to enhance the security of Network File Servers with minimal impact on client/server protocols or performance. We consider NFSv4 proxies to intercept and secure data between clients and servers.

In some cases, we are able to modify a file server's implementation to transparently add security (e.g., adding UID/GID range-mapping and cloaking). We investigate proxy techniques that sit between clients and servers and monitor file system activity at a high level.

In this project we are also evaluating vulnerabilities in existing NFS systems that may allow an attacker to gain file access without proper authentication.

In addition, we are designing a client-side encryption scheme for NFSv4. This latest version of NFS is intended for use over the Internet, and there are usage scenarios where clients store data on untrusted servers. In our encryption scheme, clients will encrypt data before it is sent to the server. This data will be stored in encrypted form, and will be decrypted by the client when the data is read.

Download software.

Conference and Workshop Papers:

| # | Title | Formats | Published In | Date | Comments |
|---|-------|---------|--------------|------|----------|
| 1 | Round-Trip Privacy with NFSv4 | PS, PDF, BibTeX | Third ACM International Workshop on Storage Security and Survivability (StorageSS 2007), held in conjunction with the 14th ACM CCS | Oct 2007 | Source code and benchmark information. |
| 2 | Adding Secure Deletion to Your Favorite File System | PS, PDF, BibTeX | Third IEEE Security In Storage Workshop (SISW 2005) | Dec 2005 | |
| 3 | Increasing Distributed Storage Survivability with a Stackable RAID-like File System | PS, PDF, BibTeX | First IEEE/ACM Workshop on Cluster Security, in conjunction with the Fifth IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGrid 2005) | May 2005 | Won Best Paper Award |
| 4 | Enhancing NFS Cross-Administrative Domain Access | PS, PDF, BibTeX | Usenix Technical Conference, FREENIX Track | Jun 2002 | |

Technical Reports:

| # | Title | Formats | Published In | Date | Comments |
|---|-------|---------|--------------|------|----------|
| 1 | NFS File Handle Security | PS, PDF, BibTeX | Stony Brook U. CS TechReport FSL-04-03 | May 2004 | |

Current Students:

| # | Name | Program | Member Since |
|---|------|---------|--------------|
| 1 | Ming Chen | PhD | May 2012 |
| 2 | Soujanya Shankaranarayana | MS | Sep 2013 |
| 3 | Arun Olappamanna Vasudevan | MS | Sep 2013 |
| 4 | Kelong Wang | MS | Apr 2014 |

Past Students:

| # | Name | Program | Period | Current Location |
|---|------|---------|--------|------------------|
| 1 | Abhishek Rai | PhD | Sep 2003 - Aug 2005 | Member of the Technical Staff, Google (Mountain View, CA) |
| 2 | Joseph Spadavecchia | PhD | May 2001 - Aug 2002 | |
| 3 | Avishay Traeger | PhD | Sep 2003 - Aug 2008 | R&D, Stratoscale (Herzeliya, Israel) |
| 4 | Ana Centeno | MS | Sep 2002 - May 2003 | Rutgers University CS Ph.D. program (Piscataway, NJ) |
| 5 | Puja Gupta | MS | Jan 2003 - Dec 2003 | File Systems Engineer, Apple (Cupertino, CA) |
| 6 | Swaroop Karunakara | MS | Sep 2002 - Dec 2003 | Manager, Sustaining Engineering, NetApp (Bangalore, India) |
| 7 | Nitin Khosla | MS | May 2002 - Dec 2002 | Bloomberg (New York, NY) |
| 8 | Nishant Nagalia | MS | Sep 2002 - May 2004 | Software Engineer, Ashley Laurent (Austin, TX) |
| 9 | Delia Osgood (Paval) | MS | May 2002 - Dec 2002 | Vice President, Business Technology team, Credit Suisse Group (New York, NY) |
| 10 | Sheshadri Sreenath | MS | Sep 2002 - May 2003 | Senior Software Engineer, Intrushield Sensor (Embedded) team, McAfee India Development Center (Bangalore, India) |
| 11 | Kumar Thangavelu | MS | Jan 2007 - Dec 2007 | Senior Software Engineer, Engineering Development, Skyera (San Jose, CA) |
| 12 | Rongqing "Frank" Tu | MS | May 2002 - Dec 2002 | Software Engineer, Storage Systems Group, Silicon Graphics, Inc. (Eagan, MN) |
| 13 | Zhenghong "Sam" Yang | MS | May 2002 - Feb 2003 | IBM |
| 14 | Zhou Zhang | MS | Sep 2002 - Dec 2002 | IBM T.J. Watson Research Center |

Sponsors:

| # | Sponsor | Amount | Period | Type | Title |
|---|---------|--------|--------|------|-------|
| 1 | NSF Secure and Trustworthy Cyberspace (SaTC) | $486,783 | 2012-2015 | Lead-PI | NFS4Sec: An Extensible Security Layer for Network Storage |
| 2 | IBM Faculty Award | $20,000 | 2006-2007 | Sole PI | End-To-End File Server Security |
| 3 | NSF Trusted Computing (TC) | $400,000 | 2003-2006 | Sole PI | A Layered Approach to Securing Network File Systems |
| 4 | SPIR | $94,581 | 2003 | Sole PI | Secure Shared Storage |
| 5 | SPIR | $55,676 | 2002 | Sole PI | A Secure and Scalable Network Appliance |


(Last updated: Fri May 16 13:27:49 EDT 2014)