- DurableFS: A File System for Persistent Memory
  With the availability of hybrid DRAM-NVRAM memory on the memory bus of C...
- Fast Integrity Verification for High-Speed File Transfers
  The amount of data generated by scientific and commercial applications i...
- Automated Symbolic Verification of Telegram's MTProto 2.0
  MTProto 2.0 is a suite of cryptographic protocols for instant messaging ...
- BPF for storage: an exokernel-inspired approach
  The overhead of the kernel storage path accounts for half of the access ...
- FileBounty: Fair Data Exchange
  Digital contents are typically sold online through centralized and custo...
- Hardening X.509 Certificate Issuance using Distributed Ledger Technology
  The security of cryptographic communication protocols that use X.509 cer...
- How incomputable is Kolmogorov complexity?
  Kolmogorov complexity is the length of the ultimately compressed version...
The Design and Implementation of a Verified File System with End-to-End Data Integrity
Despite significant research and engineering efforts, many of today's important computer systems suffer from bugs. To increase the reliability of software systems, recent work has applied formal verification to certify the correctness of such systems, with recent successes including certified file systems and certified cryptographic protocols, albeit using quite different proof tactics and toolchains. Unifying these concepts, we present the first certified file system that uses cryptographic primitives to protect itself against tampering. Our certified file system defends against adversaries that might wish to tamper with the raw disk. Such an "untrusted storage" threat model captures the behavior of storage devices that might silently return erroneous bits as well as adversaries who might have limited access to a disk, perhaps while in transit. In this paper, we present IFSCQ, a certified cryptographic file system with strong integrity guarantees. IFSCQ combines and extends work on cryptographic file systems and formally certified file systems to prove that our design is correct. It is the first certified file system that is secure against strong adversaries that can maliciously corrupt on-disk data and metadata, including attempting to roll back the disk to earlier versions of valid data. IFSCQ achieves this by constructing a Merkle hash tree of the whole disk, and by proving that tampered disk blocks will always be detected if they ever occur. We demonstrate that IFSCQ runs with reasonable overhead while detecting several kinds of attacks.
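The abstract's central mechanism is a Merkle hash tree over every disk block, with the property that any tampered block, including a roll back to an older but once-valid disk image, is detected on the next read. The example below is added here to make that mechanism concrete; it is not IFSCQ's code and carries none of the paper's formal proof. It assumes a toy device of 16-byte blocks, SHA-256 as the hash, a power-of-two block count, and that exactly one value, the current root hash, lives in trusted memory while the blocks and the stored tree nodes are all on untrusted storage. The names `MerkleDisk`, `blk`, `run_scenarios` and the sample block contents are constructed for this example.

```python
import hashlib

BLOCK_SIZE = 16  # constructed value: tiny blocks keep the example readable


class IntegrityError(Exception):
    """A block's authentication path does not lead to the trusted root hash."""


def _leaf(block: bytes) -> bytes:
    # Domain-separated hashing: a leaf can never masquerade as an inner node.
    return hashlib.sha256(b"\x00" + block).digest()


def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def blk(payload: bytes) -> bytes:
    return payload.ljust(BLOCK_SIZE, b"\x00")  # pad a constructed payload to one block


class MerkleDisk:
    """One Merkle tree over every block of a device. `blocks` and `tree` model
    UNTRUSTED storage the adversary may rewrite or roll back; `trusted_root` models
    a single hash held in trusted memory (an assumption of this example, not
    IFSCQ's actual layout)."""

    def __init__(self, nblocks: int) -> None:
        self.n = nblocks  # assumed to be a power of two
        self.blocks = [bytes(BLOCK_SIZE)] * nblocks
        # Array-backed binary tree: tree[1] is the root, leaves are tree[n..2n-1].
        self.tree = [b""] * (2 * nblocks)
        for i in range(nblocks):
            self.tree[nblocks + i] = _leaf(self.blocks[i])
        self.rehash_all()
        self.trusted_root = self.tree[1]

    def rehash_all(self) -> None:
        for i in range(self.n - 1, 0, -1):
            self.tree[i] = _node(self.tree[2 * i], self.tree[2 * i + 1])

    def _verify_path(self, idx: int) -> None:
        # Recompute the root from block idx plus the sibling hashes on its path.
        node, acc = self.n + idx, _leaf(self.blocks[idx])
        while node > 1:
            sibling = self.tree[node ^ 1]
            acc = _node(acc, sibling) if node % 2 == 0 else _node(sibling, acc)
            node //= 2
        if acc != self.trusted_root:
            raise IntegrityError(f"block {idx} failed verification")

    def read(self, idx: int) -> bytes:
        self._verify_path(idx)
        return self.blocks[idx]

    def write(self, idx: int, data: bytes) -> None:
        # Verify first: the new root absorbs the sibling hashes on this path, so a
        # tampered sibling must be caught before it is laundered into the root.
        self._verify_path(idx)
        self.blocks[idx] = data
        node = self.n + idx
        self.tree[node] = _leaf(data)
        while node > 1:
            node //= 2
            self.tree[node] = _node(self.tree[2 * node], self.tree[2 * node + 1])
        self.trusted_root = self.tree[1]


def _rejected(disk: MerkleDisk, idx: int) -> bool:
    try:
        disk.read(idx)
    except IntegrityError:
        return True
    return False


def run_scenarios() -> dict:
    """One honest read and three manipulations of the untrusted arrays; the
    manipulations must all be rejected by the next read."""
    results = {}
    # 1. Silent bit flip by the device; the on-disk hashes are left stale.
    d = MerkleDisk(8)
    d.write(3, blk(b"inode table v1"))
    d.blocks[3] = bytes([d.blocks[3][0] ^ 0x01]) + d.blocks[3][1:]
    results["bit_flip_rejected"] = _rejected(d, 3)
    # 2. Forged block plus a fully recomputed, self-consistent on-disk tree.
    d = MerkleDisk(8)
    d.write(3, blk(b"inode table v1"))
    d.blocks[3] = blk(b"forged metadata")
    d.tree[d.n + 3] = _leaf(d.blocks[3])
    d.rehash_all()
    results["recomputed_tree_rejected"] = _rejected(d, 3)
    # 3. Rollback: restore a snapshot in which every on-disk hash was once valid.
    d = MerkleDisk(8)
    d.write(5, blk(b"balance=100"))
    old = (list(d.blocks), list(d.tree))
    d.write(5, blk(b"balance=0"))
    d.write(6, blk(b"log entry"))  # a sibling write must not disturb block 5
    results["honest_read_ok"] = d.read(5) == blk(b"balance=0")
    d.blocks, d.tree = old  # trusted_root still reflects the newer writes
    results["rollback_rejected"] = _rejected(d, 5)
    return results
```

Two design points carry the abstract's threat model. Scenario 2 shows why per-block hashes stored on the same disk are not enough on their own: an adversary with access to the disk can recompute every stored hash, so detection rests on the one root value kept where the adversary cannot write. Scenario 3 shows that the same trusted root is what defeats rollback, since an older image is internally consistent but hashes to a root the trusted side has already moved past. The verify-before-write rule in `write` closes the remaining gap: without it, a tampered sibling hash would be folded into the new root and thereby become "valid".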