In some cases, we can modify a file server's implementation to add security transparently (e.g., UID/GID range-mapping and cloaking). We also investigate proxy techniques that sit between clients and servers and monitor file system activity at a high level.
In this project we are also evaluating vulnerabilities in existing NFS systems that may allow an attacker to gain file access without proper authentication.
In addition, we are designing a client-side encryption scheme for NFSv4. This latest version of NFS is intended for use over the Internet, and there are usage scenarios where clients store data on untrusted servers. In our encryption scheme, clients will encrypt data before it is sent to the server. This data will be stored in encrypted form, and will be decrypted by the client when the data is read.
Download software.

| # | Title | Formats | Published In | Date | Comments |
|---|---|---|---|---|---|
| 1 | Round-Trip Privacy with NFSv4 | PS PDF BibTeX | Third ACM International Workshop on Storage Security and Survivability (StorageSS 2007) held in conjunction with the 14th ACM CCS. | Oct 2007 | Source code and benchmark information. |
| 2 | Adding Secure Deletion to Your Favorite File System | PS PDF BibTeX | Third IEEE Security In Storage Workshop (SISW 2005) | Dec 2005 | |
| 3 | Increasing Distributed Storage Survivability with a Stackable RAID-like File System | PS PDF BibTeX | First IEEE/ACM Workshop on Cluster Security, in conjunction with the Fifth IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGrid 2005) | May 2005 | Won Best Paper Award |
| 4 | Enhancing NFS Cross-Administrative Domain Access | PS PDF BibTeX | Usenix Technical Conference, FREENIX Track | Jun 2002 | |

| # | Title | Formats | Published In | Date | Comments |
|---|---|---|---|---|---|
| 1 | NFS File Handle Security | PS PDF BibTeX | Stony Brook U. CS TechReport FSL-04-03 | May 2004 | |

| # | Name | Program | Period | Current Location |
|---|---|---|---|---|
| 1 | Abhishek Rai | PhD | Sep 2003 - Aug 2005 | Member of the Technical Staff, Structured Data Access group, VMware, Inc. (Palo Alto, CA) |
| 2 | Joseph Spadavecchia | PhD | May 2001 - Aug 2002 | |
| 3 | Avishay Traeger | PhD | Sep 2003 - Aug 2008 | Research Staff Member, Storage Systems and Performance Management group, IBM Tel Aviv Research Lab (Tel-Aviv, Israel) |
| 4 | Ana Centeno | MS | Sep 2002 - May 2003 | Rutgers University CS Ph.D. program (Piscataway, NJ) |
| 5 | Puja Gupta | MS | Jan 2003 - Dec 2003 | File Systems Engineer, Apple (Cupertino, CA) |
| 6 | Swaroop Karunakara | MS | Sep 2002 - Dec 2003 | Sustaining Engineer, NetApp (Bangalore, India) |
| 7 | Nitin Khosla | MS | May 2002 - Dec 2002 | Bloomberg (New York, NY) |
| 8 | Nishant Nagalia | MS | Sep 2002 - May 2004 | Software Engineer, Ashley Laurent (Austin, TX) |
| 9 | Delia Paval | MS | May 2002 - Dec 2002 | Assistant Vice President, Credit Suisse Group (New York, NY) |
| 10 | Sheshadri Sreenath | MS | Sep 2002 - May 2003 | Senior Software Engineer, Intrushield Sensor (Embedded) team, McAfee India Development Center (Bangalore, India) |
| 11 | Kumar Thangavelu | MS | Jan 2007 - Dec 2007 | Member of Technical Staff, Engineering Development, Riverbed Technology (Sunnyvale, CA) |
| 12 | Rongqing "Frank" Tu | MS | May 2002 - Dec 2002 | Software Engineer, Storage Systems Group, Silicon Graphics, Inc. (Eagan, MN) |
| 13 | Zhenghong "Sam" Yang | MS | May 2002 - Feb 2003 | IBM |
| 14 | Zhou Zhang | MS | Sep 2002 - Dec 2002 | IBM T.J. Watson Research Center |

| # | Sponsor | Amount | Period | Type | Title |
|---|---|---|---|---|---|
| 1 | IBM Faculty Award | $20,000 | 2006-2007 | Sole PI | End-To-End File Server Security |
| 2 | NSF Trusted Computing (TC) | $400,000 | 2003-2006 | Sole PI | A Layered Approach to Securing Network File Systems |
| 3 | SPIR | $94,581 | 2003 | Sole PI | Secure Shared Storage |
| 4 | SPIR | $55,676 | 2002 | Sole PI | A Secure and Scalable Network Appliance |