SafeFS: A Modular Architecture
for Secure User-Space File Systems
(One FUSE to rule them all)
Invited Talk - UFSM, Santa Maria, Brasil
02 February 2018
Rogério Pontes¹, Dorian Burihabwa², Francisco Maia¹, João Paulo¹,
Valerio Schiavoni², Pascal Felber², Hugues Mercier², Rui Oliveira¹
¹ High Assurance Software Lab, INESC TEC and University of Minho, Portugal
² University of Neuchâtel, Switzerland
(previously: SYSTOR'17, Haifa, Israel)
Valerio Schiavoni - University of Neuchatel - UFSM - 02/02/2018 - SafeFS

but first… where is Neuchâtel?

Cloud Storage
• Data is growing at an unprecedented rate
• Cloud storage is the de facto choice for millions of users and enterprises
  • reduced costs
  • availability
  • ease of use

Cloud Storage
• Heterogeneous interfaces for applications
• Data control belongs to the cloud
  • according to a European study conducted in 2015
    • 67% of the population is concerned with data privacy
    • only 15% of users think they are in control of their data
• Cloud data is vulnerable to
  • hackers, storage providers, governmental agencies
  • other (possibly unknown) threats
[Slide annotation: not in this talk]

Current Solutions
• Abstract third-party interfaces
  • e.g., multi-cloud file system
• Support data processing at the client premises before uploading it to cloud services
  • data encryption
  • replication, deduplication, caching

Challenges
• Traditional filesystems follow a monolithic design
• Different applications have specific requirements
  • performance
  • dependability
  • security
• ➡ different storage features
[Figure labels: ext3, ext4, encFS, CryFS]

Challenges
• Stackable file system solutions improve flexibility
• Their design is still limited:
  • focused on the modularity of a specific feature
  • decisions (kernel vs user-space)
[Image source: hypem.com]

Contributions
• SafeFS: A modular user-space secure file system
• layered design with two-dimensional modularity
• self-contained, stackable and reusable layers
• easy implementation & reuse of layers
• support for single and multiple storage backends
• adaptability to different application workloads
• transparency for applications

The rest of this talk
• Architecture
• Life of a SafeFS operation
• Some implementation details
• Some evaluation results
• Conclusion

Architecture
• Layers
  • processing vs storage
  • stackable
  • common API (FUSE)
• Drivers
  • extended flexibility
  • common API
[Figure: SafeFS architecture diagram. Labels: User Application; Virtual Filesystem and FUSE Kernel Module (kernel space); FUSE User-Space Library and SafeFS (user space); stacked Processing layers and Storage layers, each behind a FUSE interface, numbered Layer 0 to Layer N; a Privacy-Preserving Layer with drivers AES and DET; request and reply arrows.]

Storage requests flow
[Figure: path of a storage request. Labels: User Application; Virtual Filesystem and Fuse Kernel Module (kernel space); Fuse User-Space Library and SafeFS (user space), with one Processing layer and two Storage layers, each behind the FUSE API; numbered steps along the request and reply paths.]

SafeFS - Implementation
• 3 Supported layers
  • Granularity-Oriented
  • Privacy-Preserving
  • Multiple-Backend
• Layers and drivers chosen at mount time
• Implemented in C
[Figure: SafeFS implementation stack. Labels: Granularity-Oriented Layer (drivers: Block, ID); Privacy-Preserving Layer (drivers: AES, DET, ...); Multiple-backend Layer (drivers: REP, XOR, ER); storage backends: NFS, Dropbox, Other Storage, ...; FUSE.]

SafeFS - Configuration
• Possible combinations of layers and drivers

                       | Granularity-Oriented | Privacy-Preserving | Multiple-Backend
Groups      Stack      | Block    Id          | AES    Det    Id   | Simple   XOR    Erasure
Baseline    FUSE       | ✗        ✗           | ✗      ✗      ✗    | ✓,1      ✗      ✗
Baseline    Identity   | ✗        ✓           | ✗      ✗      ✓    | ✓,1      ✗      ✗
Privacy     AES        | ✓        ✗           | ✓      ✗      ✗    | ✓,1      ✗      ✗
Privacy     Det        | ✓        ✗           | ✗      ✓      ✗    | ✓,1      ✗      ✗
Privacy     XOR        | ✗        ✗           | ✗      ✗      ✗    | ✗        ✓,3    ✗
Redundancy  Rep        | ✗        ✗           | ✗      ✗      ✗    | ✓,3      ✗      ✗
Redundancy  Erasure    | ✓        ✗           | ✗      ✗      ✗    | ✗        ✗      ✓,3

Table 2: The different SafeFS stacks deployed in the evaluation. Stacks are divided in three distinct groups: Baseline, Privacy, Redundancy. The table header holds the three SafeFS layers. Below each layer we show the respective drivers. For each stack, we indicate the active drivers (the ✓ symbol). Layers without any active drivers are not used in the stack. The indices for Multiple-Backend drivers indicate the number of storage backends used to write data.

[Paper excerpts visible on the slide, cut off at both ends:]
[...]tively to a standard and a deterministic encryption mechanism. The AES stack is expected to be less efficient than Det as it generates a different IV for each block. However, Det has the weakest security guarantee. The third stack, named XOR, considers a different trust model where no single storage location is trusted with the totality of the ciphered data. Data is stored across distinct storage back-ends in such a way that unless an attacker gains access simultaneously to [...]
[...] We ran several workloads for each considered file system (4 third-party file systems and 7 SafeFS stacks). The results have been grouped according to the workloads. First, we present the results of using db_bench, then filebench and finally, we describe the results of running latency analysis for SafeFS layers.
Microbenchmark: db_bench. We first present the results obtained with db_bench. We pick 7 workloads, each [...]

• Each offering different guarantees in terms of
  • security
  • dependability
  • performance
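
The layered design and the XOR trust model described above, sketched as an added example in C (the language SafeFS is implemented in); this is not code from the SafeFS repository. The layer interface, the in-memory backends, the fixed 16-byte block and the pad-based split into three shares are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16     /* constructed block size for this demo */
#define NBACKENDS 3  /* Table 2: the XOR stack writes to 3 backends */

/* Interface every layer exposes; a stand-in for the common FUSE API. */
struct layer {
    int (*write)(struct layer *self, const uint8_t *blk);
    int (*read)(struct layer *self, uint8_t *blk);
    struct layer *next[NBACKENDS]; /* layer(s) directly below this one */
    void *state;                   /* per-layer private data */
};

/* Storage layer: an in-memory block standing in for one backend. */
static int mem_write(struct layer *self, const uint8_t *blk) {
    memcpy(self->state, blk, BLOCK);
    return 0;
}
static int mem_read(struct layer *self, uint8_t *blk) {
    memcpy(blk, self->state, BLOCK);
    return 0;
}

/* Processing layer that forwards unchanged, like the Identity stack. */
static int id_write(struct layer *self, const uint8_t *blk) {
    return self->next[0]->write(self->next[0], blk);
}
static int id_read(struct layer *self, uint8_t *blk) {
    return self->next[0]->read(self->next[0], blk);
}

/* Pads come from the kernel CSPRNG; a predictable pad would leak data. */
static int fill_random(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, len, f) : 0;
    if (f) fclose(f);
    return got == len ? 0 : -1;
}

/* Multiple-backend layer: N-1 random pads, last share = data XOR pads. */
static int xor_write(struct layer *self, const uint8_t *blk) {
    uint8_t share[NBACKENDS][BLOCK];
    memcpy(share[NBACKENDS - 1], blk, BLOCK);
    for (int i = 0; i < NBACKENDS - 1; i++) {
        if (fill_random(share[i], BLOCK)) return -1;
        for (int j = 0; j < BLOCK; j++) share[NBACKENDS - 1][j] ^= share[i][j];
    }
    for (int i = 0; i < NBACKENDS; i++)
        if (self->next[i]->write(self->next[i], share[i])) return -1;
    return 0;
}
static int xor_read(struct layer *self, uint8_t *blk) {
    uint8_t share[BLOCK];
    memset(blk, 0, BLOCK);
    for (int i = 0; i < NBACKENDS; i++) { /* every backend is required */
        if (self->next[i]->read(self->next[i], share)) return -1;
        for (int j = 0; j < BLOCK; j++) blk[j] ^= share[j];
    }
    return 0;
}

/* The stack is fixed when built, as layers are chosen at mount time. */
struct stack {
    uint8_t store[NBACKENDS][BLOCK];
    struct layer backend[NBACKENDS], xor_layer, top;
};
static void mount_stack(struct stack *s) {
    memset(s, 0, sizeof *s);
    s->xor_layer = (struct layer){ .write = xor_write, .read = xor_read };
    for (int i = 0; i < NBACKENDS; i++) {
        s->backend[i] = (struct layer){ .write = mem_write, .read = mem_read,
                                        .state = s->store[i] };
        s->xor_layer.next[i] = &s->backend[i];
    }
    s->top = (struct layer){ .write = id_write, .read = id_read,
                             .next = { &s->xor_layer } };
}

/* Writes blk through the stack and checks the layered read path, then
 * returns 1 if XORing only the backends in mask yields the plaintext. */
static int subset_reveals(const uint8_t *blk, unsigned mask) {
    struct stack s;
    uint8_t out[BLOCK], acc[BLOCK] = {0};
    mount_stack(&s);
    if (s.top.write(&s.top, blk) || s.top.read(&s.top, out)) return -1;
    if (memcmp(out, blk, BLOCK) != 0) return -1; /* round trip must hold */
    for (int i = 0; i < NBACKENDS; i++)
        for (int j = 0; ((mask >> i) & 1u) && j < BLOCK; j++)
            acc[j] ^= s.store[i][j];
    return memcmp(acc, blk, BLOCK) == 0;
}

int main(void) {
    const uint8_t blk[] = "constructed data"; /* constructed 16-byte block */
    for (unsigned m = 1; m < (1u << NBACKENDS); m++)
        printf("backend mask %u reveals plaintext: %d\n", m, subset_reveals(blk, m));
    return 0;
}
```

Only mask 7 (all three backends) reproduces the block; the same property means losing any one backend makes the data unreadable, which is the trade-off against the Rep and Erasure stacks.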
Experimental Evaluation
• Multiple benchmarks and workloads
  • filebench
  • db_bench
• Third-party filesystems and SafeFS configurations
  • 7 SafeFS setups
  • 4 filesystems (CryFS, LessFS, MetFS and eCryptFS)
• Experimental setup
  • Virtual Machines with 4 Cores, 4GB RAM and HDD drives

Filebench results
• Evaluation of SafeFS setups with 7 filebench workloads
• Throughput compared against ext4
  • red (below 25%)
  • orange (up to 75%)
  • yellow (up to 95%)
  • green (>= 95%)
[Figure 5: Relative performance of filebench workloads against native. Y axis: ratio against native (ext4). Workloads: 1 File-server, 2 Mail-server, 3 Web-server, 4 filemicro_rread_4K, 5 filemicro_rwrite_4K, 6 filemicro_seqread_4K, 7 filemicro_seqwrite_4K. Series: SAFEFS AES, SAFEFS Det, SAFEFS Erasure, SAFEFS FUSE, SAFEFS Identity, SAFEFS Rep, SAFEFS XOR.]
[Figure 6: Execution time breakdown for different SafeFS stacks. Y axis: execution time (%). Stacks: AES, Det, Erasure, FUSE, Identity, Rep, XOR. Workloads: fill100K, fillrandom, fillseq, overwrite, readrandom, readreverse, readseq. Components: multi_write, sfuse_write, align_write, multi_read, sfuse_read, align_read.]
[Paper excerpts visible on the slide, cut off:]
As expected, the time spent in each layer varies according to the tasks performed by the layers. The 3 most CPU-intensive stacks (AES, Det and Erasure) concentrate their [...]
[...] facilitate future choices for practitioners and researchers. We envision to extend SafeFS along three main directions. First, we plan to smooth the efforts to integrate any [...]

Filebench results
• Evaluation of SafeFS setups with 7 filebench workloads
• Throughput compared with ext4
[Figure 5: Relative performance of filebench workloads against native (ext4), shown again with a zoomed view. Series labels visible in the zoomed view: eCryptFS, EncFS, MetFS, SAFEFS AES, SAFEFS Det, SAFEFS Erasure, SAFEFS FUSE, SAFEFS Identity, SAFEFS Rep, SAFEFS XOR.]
[Figure 6: Execution time breakdown for different SafeFS stacks, shown again.]

Other results
• DB_bench experiments
  • significant overhead in write requests
  • read requests performance close to ext4
  • uniform results across SafeFS and other filesystems
• Time spent in each SafeFS layer
  • Setups using encryption or erasure coding require significant processing time and CPU in the respective layers
  • The Granularity-Oriented layer is time-demanding, especially for write requests

Conclusion /1
• Strict combinations of storage features cannot fulfil the requirements of distinct applications
• SafeFS addresses this challenge with
  • a modular layer and driver design
  • a common API for easily stacking layers
• It allows users
  • to create combinations of storage features based on application requirements
  • to reduce the cost and complexity of reusing or implementing new layers

Conclusion /2
• Our experiments show that
  • different SafeFS setups are easily deployable
  • a layered approach has similar performance to other monolithic privacy-preserving filesystems
• Future Work
  • Workload-aware and automatic configuration of layers
  • Run-time configuration of layers and drivers
  • Encryption keys management and access control
Open source, available at https://github.com/safecloud-project/SafeFS
Β 
zoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistan
Β 
Harmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms PresentationHarmful and Useful Microorganisms Presentation
Harmful and Useful Microorganisms Presentation
Β 
Call Girls in Aiims Metro Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Call Girls in Aiims Metro Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.Call Girls in Aiims Metro Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Call Girls in Aiims Metro Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Β 
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptxSOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
SOLUBLE PATTERN RECOGNITION RECEPTORS.pptx
Β 
Call Girls in Mayapuri Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Call Girls in Mayapuri Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.Call Girls in Mayapuri Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Call Girls in Mayapuri Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Β 
Gas_Laws_powerpoint_notes.ppt for grade 10
Gas_Laws_powerpoint_notes.ppt for grade 10Gas_Laws_powerpoint_notes.ppt for grade 10
Gas_Laws_powerpoint_notes.ppt for grade 10
Β 
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxRESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
Β 
Call Girls in Munirka Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Call Girls in Munirka Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.Call Girls in Munirka Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Call Girls in Munirka Delhi πŸ’―Call Us πŸ”9953322196πŸ” πŸ’―Escort.
Β 
TOTAL CHOLESTEROL (lipid profile test).pptx
TOTAL CHOLESTEROL (lipid profile test).pptxTOTAL CHOLESTEROL (lipid profile test).pptx
TOTAL CHOLESTEROL (lipid profile test).pptx
Β 
Engler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomyEngler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomy
Β 
Call Girls in Munirka Delhi πŸ’―Call Us πŸ”8264348440πŸ”
Call Girls in Munirka Delhi πŸ’―Call Us πŸ”8264348440πŸ”Call Girls in Munirka Delhi πŸ’―Call Us πŸ”8264348440πŸ”
Call Girls in Munirka Delhi πŸ’―Call Us πŸ”8264348440πŸ”
Β 
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
BIOETHICS IN RECOMBINANT DNA TECHNOLOGY.
Β 
Module 4: Mendelian Genetics and Punnett Square
Module 4:  Mendelian Genetics and Punnett SquareModule 4:  Mendelian Genetics and Punnett Square
Module 4: Mendelian Genetics and Punnett Square
Β 
Call Us ≽ 9953322196 β‰Ό Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 β‰Ό Call Girls In Mukherjee Nagar(Delhi) |Call Us ≽ 9953322196 β‰Ό Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 β‰Ό Call Girls In Mukherjee Nagar(Delhi) |
Β 

SafeFS: A Modular Architecture for Secure User-Space File Systems (One FUSE to rule them all)

  • 1. SafeFS: A Modular Architecture for Secure User-Space File Systems (One FUSE to rule them all)
      Invited Talk - UFSM, Santa Maria, Brasil, 02 February 2018
      Rogério Pontes¹, Dorian Burihabwa², Francisco Maia¹, João Paulo¹, Valerio Schiavoni², Pascal Felber², Hugues Mercier², Rui Oliveira¹
      ¹ High Assurance Software Lab, INESC TEC and University of Minho, Portugal
      ² University of Neuchâtel, Switzerland
      (previously: SYSTOR'17, Haifa, Israel)
  • 2. but first… where is Neuchâtel?
  • 3. Cloud Storage
      • Data is growing at an unprecedented rate
      • Cloud storage is the de facto choice for millions of users and enterprises
          • reduced costs
          • availability
          • ease of use
  • 4. Cloud Storage
      • Heterogeneous interfaces for applications
      • Data control belongs to the cloud
          • according to a European study conducted in 2015
          • 67% of the population is concerned with data privacy
          • only 15% of users think they are in control of their data
      • Cloud data is vulnerable to
          • hackers, storage providers, governmental agencies
          • other (possibly unknown) threats
      (slide annotation: not in this talk)
  • 5. Current Solutions
      • Abstract third-party interfaces
          • e.g., multi-cloud file system
      • Support data processing at the client premises before uploading it to cloud services
          • data encryption
          • replication, deduplication, caching
  • 6. Challenges
      • Traditional filesystems follow a monolithic design
      • Different applications have specific requirements
          • performance
          • dependability
          • security
      • ➡ different storage features
      (examples shown on the slide: ext3, ext4, encFS, CryFS)
  • 7. Challenges
      • Stackable file system solutions improve flexibility
      • Their design is still limited:
          • focused on the modularity of a specific feature
          • decisions (kernel vs user-space)
      (image source: hypem.com)
  • 8. Contributions
      • SafeFS: A modular user-space secure file system
          • layered design with two-dimensional modularity
          • self-contained, stackable and reusable layers
          • easy implementation & reuse of layers
          • support for single and multiple storage backends
          • adaptability to different application workloads
          • transparency for applications
  • 9. The rest of this talk
      • Architecture
      • Life of a SafeFS operation
      • Some implementation details
      • Some evaluation results
      • Conclusion
  • 10. Architecture
      • Layers
          • processing vs storage
          • stackable
          • common API (FUSE)
      • Drivers
          • extended flexibility
          • common API
      [Figure: SafeFS architecture. User space: User Application, FUSE User-Space Library, SafeFS. Kernel space: Virtual Filesystem, FUSE Kernel Module. Inside SafeFS: a stack labelled Layer 0, Layer 1, …, Layer N-2, Layer N-1, Layer N, made of Processing and Storage layers that each expose the FUSE API; a Privacy-Preserving Layer is shown with AES and DET drivers. Arrows: request, reply.]
  • 11. Storage requests flow
      [Figure: numbered request/reply path between User Application, Virtual Filesystem and Fuse Kernel Module (kernel space), and Fuse User-Space Library and SafeFS (user space), where a Processing layer and two Storage layers each expose the FUSE API.]
  • 12. SafeFS - Implementation
      • 3 Supported layers
          • Granularity-Oriented
          • Privacy-Preserving
          • Multiple-Backend
      • Layers and drivers chosen at mount time
      • Implemented in C
      [Figure: SafeFS stack. Granularity-Oriented Layer (drivers: Block, ID), Privacy-Preserving Layer (drivers: AES, DET, ...), Multiple-backend Layer (drivers: REP, XOR, ER), connected through FUSE to NFS, Dropbox, Other Storage, ...]
  • 13. SafeFS - Configuration
      • Possible combinations of layers and drivers
      • Each offering different guarantees in terms of
          • security
          • dependability
          • performance

      Column groups: Granularity-Oriented (Block, Id), Privacy-Preserving (AES, Det, Id), Multiple-Backend (Simple, XOR, Erasure).

      | Group      | Stack    | Block | Id | AES | Det | Id | Simple | XOR  | Erasure |
      |------------|----------|-------|----|-----|-----|----|--------|------|---------|
      | Baseline   | FUSE     | ✗     | ✗  | ✗   | ✗   | ✗  | ✓, 1   | ✗    | ✗       |
      | Baseline   | Identity | ✗     | ✓  | ✗   | ✗   | ✓  | ✓, 1   | ✗    | ✗       |
      | Privacy    | AES      | ✓     | ✗  | ✓   | ✗   | ✗  | ✓, 1   | ✗    | ✗       |
      | Privacy    | Det      | ✓     | ✗  | ✗   | ✓   | ✗  | ✓, 1   | ✗    | ✗       |
      | Privacy    | XOR      | ✗     | ✗  | ✗   | ✗   | ✗  | ✗      | ✓, 3 | ✗       |
      | Redundancy | Rep      | ✗     | ✗  | ✗   | ✗   | ✗  | ✓, 3   | ✗    | ✗       |
      | Redundancy | Erasure  | ✓     | ✗  | ✗   | ✗   | ✗  | ✗      | ✗    | ✓, 3    |

      Table 2: The different SafeFS stacks deployed in the evaluation. Stacks are divided in three distinct groups: Baseline, Privacy, Redundancy. The table header holds the three SafeFS layers. Below each layer we show the respective drivers. For each stack, we indicate the active drivers (the ✓ symbol). Layers without any active drivers are not used in the stack. The indices for Multiple-Backend drivers indicate the number of storage backends used to write data.

      Paper excerpts visible on the slide: "… tively to a standard and a deterministic encryption mechanism. The AES stack is expected to be less efficient than Det as it generates a different IV for each block. However, Det has the weakest security guarantee. The third stack, named XOR, considers a different trust model where no single storage location is trusted with the totality of the ciphered data. Data is stored across distinct storage back-ends in such a way that unless an attacker gains access simultaneously to …" and "We ran several workloads for each considered file system (4 third-party file systems and 7 SafeFS stacks). The results have been grouped according to the workloads. First, we present the results of using db_bench, then filebench and finally, we describe the results of running latency analysis for SafeFS layers. Microbenchmark: db_bench. We first present the results obtained with db_bench. We pick 7 workloads, each …"
  • 14. Experimental Evaluation
      • Multiple benchmarks and workloads
          • filebench
          • db_bench
      • Third-party filesystems and SafeFS configurations
          • 7 SafeFS setups
          • 4 filesystems (CryFS, LessFS, MetFS and eCryptFS)
      • Experimental setup
          • Virtual Machines with 4 Cores, 4GB RAM and HDD drives
  • 15. Filebench results
      • Evaluation of SafeFS setups with 7 filebench workloads
      • Throughput compared against ext4
          • red (below 25%)
          • orange (up to 75%)
          • yellow (up to 95%)
          • green (>= 95%)
      [Figure 5: Relative performance of filebench workloads against native. Y-axis: ratio against native (ext4). Workloads: ➀ File-server, ➁ Mail-server, ➂ Web-server, ➃ filemicro_rread_4K, ➄ filemicro_rwrite_4K, ➅ filemicro_seqread_4K, ➆ filemicro_seqwrite_4K. Series: SAFEFS AES, SAFEFS Det, SAFEFS Erasure, SAFEFS FUSE, SAFEFS Identity, SAFEFS Rep, SAFEFS XOR.]
      [Figure 6: Execution time breakdown for different SafeFS stacks. Y-axis: execution time (%). Stacks: AES, Det, Erasure, FUSE, Identity, Rep, XOR. Workloads: fill100K, fillrandom, fillseq, overwrite, readrandom, readreverse, readseq. Components: multi_write, sfuse_write, align_write, multi_read, sfuse_read, align_read.]
      Paper excerpts visible on the slide: "As expected, the time spent in each layer varies according to the tasks performed by the layers. The 3 most CPU-intensive stacks (AES, Det and Erasure) concentrate their …" and "… facilitate future choices for practitioners and researchers. We envision to extend SafeFS along three main directions. First, we plan to smooth the efforts to integrate any …"
  • 16. Filebench results
      • Evaluation of SafeFS setups with 7 filebench workloads
      • Throughput compared with ext4
      [Figure 5, shown again with a zoomed view: Relative performance of filebench workloads against native. Y-axis: ratio against native (ext4). Workloads: ➀ File-server, ➁ Mail-server, ➂ Web-server, ➃ filemicro_rread_4K, ➄ filemicro_rwrite_4K, ➅ filemicro_seqread_4K, ➆ filemicro_seqwrite_4K. Series visible: eCryptFS, EncFS, MetFS, SAFEFS AES, SAFEFS Det, SAFEFS Erasure, SAFEFS FUSE, SAFEFS Identity, SAFEFS Rep, SAFEFS XOR.]
      [Figure 6: Execution time breakdown for different SafeFS stacks.]
  • 17. Other results
      • DB_bench experiments
          • significant overhead in write requests
          • read requests performance close to ext4
          • uniform results across SafeFS and other filesystems
      • Time spent in each SafeFS layer
          • Setups using encryption or erasure coding require significant processing time and CPU in the respective layers
          • The Granularity-Oriented layer is time-demanding, especially for write requests
  • 18. Conclusion /1
      • Strict combinations of storage features cannot fulfil the requirements of distinct applications
      • SafeFS addresses this challenge with
          • a modular layer and driver design
          • a common API for easily stacking layers
      • This makes it possible
          • to create combinations of storage features based on application requirements
          • to reduce the cost and complexity of reusing or implementing new layers
  • 19. Conclusion /2
      • Our experiments show that
          • different SafeFS setups are easily deployable
          • a layered approach has similar performance to other monolithic privacy-preserving filesystems
      • Future Work
          • Workload-aware and automatic configuration of layers
          • Run-time configuration of layers and drivers
          • Encryption keys management and access control
      Open source, available at https://github.com/safecloud-project/SafeFS
  • 20. SafeFS: A Modular Architecture for Secure User-Space File Systems (One FUSE to rule them all)
      Invited Talk - UFSM, Santa Maria, Brasil, 02 February 2018
      Rogério Pontes¹, Dorian Burihabwa², Francisco Maia¹, João Paulo¹, Valerio Schiavoni², Pascal Felber², Hugues Mercier², Rui Oliveira¹
      ¹ High Assurance Software Lab, INESC TEC and University of Minho, Portugal
      ² University of Neuchâtel, Switzerland
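
The stackable layers with a common API (slides 10 and 12) and the XOR stack that writes to three backends so that no single one holds the data (slide 13), as an added sketch that is not SafeFS code. The slides do not give the XOR driver's construction, so plain XOR secret splitting is assumed here; every name (`struct layer`, `xor_write`, `mount_and_write`, the in-memory backends) is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define NB 3   /* the XOR stack on the slides writes to 3 backends */
#define BLK 32 /* constructed block size for this demo */

/* Added sketch, not SafeFS code. Common API shared by every layer. */
struct layer {
    int (*write)(struct layer *l, const unsigned char *b, size_t n);
    int (*read)(struct layer *l, unsigned char *b, size_t n);
    struct layer *next[NB];   /* layers below; unused by storage layers */
    unsigned char store[BLK]; /* in-memory "backend", storage layers only */
};
static int mem_write(struct layer *l, const unsigned char *b, size_t n) {
    return n > BLK ? -1 : (memcpy(l->store, b, n), 0);
}
static int mem_read(struct layer *l, unsigned char *b, size_t n) {
    return n > BLK ? -1 : (memcpy(b, l->store, n), 0);
}
static int fill_random(unsigned char *b, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(b, 1, n, f) : 0;
    if (f) fclose(f);
    return (f && got == n) ? 0 : -1;
}
/* Processing layer (assumed construction): NB-1 random shares, last = data XOR them. */
static int xor_write(struct layer *l, const unsigned char *b, size_t n) {
    unsigned char share[BLK], last[BLK];
    if (n > BLK) return -1;
    memcpy(last, b, n);
    for (int i = 0; i < NB - 1; i++) {
        if (fill_random(share, n)) return -1;
        for (size_t j = 0; j < n; j++) last[j] ^= share[j];
        if (l->next[i]->write(l->next[i], share, n)) return -1;
    }
    return l->next[NB - 1]->write(l->next[NB - 1], last, n);
}
/* Reading needs every backend: the XOR of all NB shares is the data. */
static int xor_read(struct layer *l, unsigned char *b, size_t n) {
    unsigned char share[BLK];
    if (n > BLK) return -1;
    memset(b, 0, n);
    for (int i = 0; i < NB; i++) {
        if (l->next[i]->read(l->next[i], share, n)) return -1;
        for (size_t j = 0; j < n; j++) b[j] ^= share[j];
    }
    return 0;
}
static struct layer backend[NB], top;
static const unsigned char PLAIN[BLK] = "constructed sample block, 31 B.";
/* "Mount": choose the drivers, wire the stack, then write one block. */
static int mount_and_write(void) {
    for (int i = 0; i < NB; i++) {
        backend[i].write = mem_write; backend[i].read = mem_read;
        top.next[i] = &backend[i];
    }
    top.write = xor_write; top.read = xor_read;
    return top.write(&top, PLAIN, BLK);
}
static int roundtrip_ok(void) { /* 1 if the stack returns the original */
    unsigned char out[BLK];
    return top.read(&top, out, BLK) == 0 && memcmp(out, PLAIN, BLK) == 0;
}
static int backend_holds_plaintext(int i) { /* expected: 0 for every i */
    return memcmp(backend[i].store, PLAIN, BLK) == 0;
}
int main(void) {
    if (mount_and_write()) return 1;
    printf("roundtrip=%d leak0=%d\n", roundtrip_ok(), backend_holds_plaintext(0));
    return 0;
}
```

Splitting this way gives confidentiality against any single backend but no redundancy: losing one share loses the block, which is why the slides list Rep and Erasure as separate Multiple-Backend drivers.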