SafeFS: A modular architecture for secure user-space file systems (one FUSE to rule them all)

Title: SafeFS: A modular architecture for secure user-space file systems (one FUSE to rule them all)
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Pontes R, Burihabwa D, Maia F, Paulo J, Schiavoni V, Felber P, Mercier H, Oliveira R
Conference Name: SYSTOR - Proceedings of the 10th ACM International Systems and Storage Conference
Date Published: May/2017
Conference Location: Haifa, Israel
Keywords: Data Confidentiality, FUSE, Privacy at Rest, Software Defined Storage

The exponential growth of data produced, the ever faster and ubiquitous connectivity, and the collaborative processing tools lead to a clear shift of data stores from local servers to the cloud. This migration occurring across different application domains and types of users (individual or corporate) raises two immediate challenges. First, outsourcing data introduces security risks, hence protection mechanisms must be put in place to provide guarantees such as privacy, confidentiality and integrity. Second, there is no "one-size-fits-all" solution that would provide the right level of safety or performance for all applications and users, and it is therefore necessary to provide mechanisms that can be tailored to the various deployment scenarios. In this paper, we address both challenges by introducing SafeFS, a modular architecture based on software-defined storage principles featuring stackable building blocks that can be combined to construct a secure distributed file system. SafeFS allows users to specialize their data store to their specific needs by choosing the combination of blocks that provide the best safety and performance tradeoffs. The file system is implemented in user space using FUSE and can access remote data stores. The provided building blocks notably include mechanisms based on encryption, replication, and coding. We implemented SafeFS and performed in-depth evaluation across a range of workloads. Results reveal that while each layer has a cost, one can build safe yet efficient storage architectures. Furthermore, the different combinations of blocks sometimes yield surprising tradeoffs.