Unix-Like Access Permissions in Fully Decentralized File Systems Johanna Amann, Thomas Fuhrmann Technische Universität München, Germany

Unix-like Access Permissions in Fully Decentralized File Systems Johanna Amann, Thomas Fuhrmann Technische Universität München, Germany

1 Each user and each group owns a dedicated Features: / (root) home amann Documents poster.pdf directory tree. It contains all data belonging to - Unix-like permissions on untrusted storage the user/group. A hash-tree secures the - enforced only by cryptography directory tree. The top-level directory is signed. - fork consistency i.e. resistent against Thus the whole tree can be veriﬁed. rollback attacks Providing Conﬁdentiality, Authenticity, and 28876FF... Integrity hash of directory - fast, only requires symmetric cryptography superuser and subdirectories Access Permissions on Fully Decentralized Version: 10 Untrusted Storage - ACLs can be layered on top of this approach, Directory version albeit with considerable overhead - works on block/chunk oriented storage Hash and version are signed by user/group

2 5 The visible root of the file system is All users have access to the keys contained within the dedicated directory, which stores the data directory structure of the file-system needed to verify user signatures. The superuser. superuser hash tree protects the 2 837561A... 1B05524... signatures. 3 / home Redirects glue the different user- 6 and group directory structures 28876FF... 1 Groups are split into a public and B55A142... 7B3220A... superuser together. home amann a private part. The pointers to the Version: 10 private subdirectory are encrypted Files and directories are referenced FAD2452... with the current group key. 7A35209... 5 B70462F... A22A182... 3 multiple times in the hierarchy. amann .users amann Documents Version: 5 Group keys are distributed to users using the subset difference algorithm. 4 4 7 9365B12... B42A6F2... 34B67FA... BD9E272... Keys have to be changed upon change The superuser signs the root directory root .keys Documents poster.pdf in the same way the user and group Version: 30 in group membership. directories are signed. C3FB288... 6F83367... 67AFFE2... 734B235... 7 .groups staff public Documents The hash-tree of the root-directory only Version: 25 A group- and world-readable file is protects user and group directories. It present in the user- and public

does not include their contents. 127F3BA... 6 8342AAB... group directory structure. private Documents G Depending on the signed parameters in the user directory it may also be group- and world- writable.