Intelligent Storage Consortium

Exposing rich user services through interfaces

Sunil K.T. Subramanya, Vishal Kher, Sojeong Hong, David H.C. Du, Yongdae Kim
{subram, vkher, shong, du, kyd}@cs.umn.edu

Motivation

 Fuse + OSD
   – Existing applications still use the file system interface, e.g. backup, archive, and indexing applications. So use Fuse to talk with the OSD Target?
   – Alternative to having a mapping layer from files to objects in the kernel (e.g. osdfs)

 Build a simple networked file system - CoreFS
   – With core functionalities
   – Simple to extend

(SecFS)
   – Extension to CoreFS

What is FUSE

 FUSE is a framework that allows file systems to be implemented in user space.

 It consists of 2 components
   – User space library (dynamically linkable), which is used by file system implementers.
   – Kernel module, which binds to the VFS and redirects calls to the fuse library.

 Example FS using Fuse: cvsfs, GmailFS, …

How FUSE works

http://fuse.sourceforge.net

Why use FUSE?

 Advantages:
   – Flexibility: easier to code in user space than in kernel space.
   – File system implementation is not tied to any particular OS.
   – Doesn't require a kernel recompile.
   – Non-privileged mounts are possible.

 Disadvantage:
   – Performance: redundant data copies, many user space/kernel space switches

FUSE on Open Solaris Project

 Objective: Provide Fuse functionality for Solaris.

 Phase 1:
   – Port the existing Fuse implementation from FreeBSD to Open Solaris.
   – Current status:
       Works for a read-only file system
       A few vnode operations are yet to be implemented.
   – Other work to be done includes the fuse library, and implementing the necessary locks and kernel handling for more than one FS mount on Solaris.

FUSE on Open Solaris Project: Phase 2

 New features not in the current Fuse implementation (fuse 2.5.3):
   – Implementation of mmap functionality
   – Provide record locking, ACL support
   – Address performance issues related to the FUSE message passing mechanism.
   – Provide inode persistence in the kernel
       The current fuse doesn't do any persistence.
       So any FS application crash means all information is lost.

CoreFS: Goals

 A Simple Networked File System
   – Rapid Prototyping
   – Educational purposes

 Give file system developers some form of a basic distributed file system
   – Implement only the “core” functionalities

 File system that is easy to extend
   – Implementers can extend this file system as per their requirements

 Good potential starting point for our projects
   – SGFS, accountFS, encFS, …

The CoreFS Architecture

[Figure: CoreFS architecture. Labels: client process; CoreFS Client and CoreFS Server, each with SGFS, ACFS and SecFS; (/bin/); FUSE Library; FUSE; VFS; OS Kernel; local file system.]

CoreFS is available at http://www.cs.umn.edu/research/sclab/coreFS.html

Performance

[Figure: two plots, "Write performance" and "Read performance". Y axis: throughput (KB/s), 0 to 12000. X axis: record length (KB), 4 to 1024.]

 Performed between 3GHz PentiumIV machines with 1GB of RAM with 2.6.13 and 100Mbps

 To avoid the 4 KB limit, CoreFS was run in direct IO mode

 Currently the CoreFS client does not perform any caching

Encrypting File System (SecFS): Motivation

 Growth in sensitive data

 Demand for secure file systems
   – A company includes a large number of different projects, different types of groups, etc.
   – Large amounts of data are shared
   – Requires efficient key management

 Storage outsourcing
   – + Reduce maintenance cost
   – - Untrusted third-party storage

SecFS - High-level Goals

 Implement a basic framework for secure file sharing and key management

 Use this to design new key management schemes

 Use this framework to evaluate existing key management mechanisms based on various factors
   – For example, number of revocations, group size, etc.

SecFS Features

 Provides end-to-end
   – Writer encrypts and reader decrypts.

 Makes cryptographic operations transparent to users

 Enables secure file sharing by distributing group key

 Employs a trusted key server while using untrusted storage

 Reduces cost required for group key distribution, computation, and storage using an efficient group key management scheme
   – Currently implemented: SD, OFT key management schemes
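An added example, not SecFS code: a minimal one-way function tree (OFT), one of the two schemes named above, showing that evicting one member of an n-member group costs log2(n) rekey entries and leaves the evicted member holding only the old group key. SHA-256 as the blinding function, XOR as the mixing function, the fixed complete binary tree and all names are assumptions of this example; encrypting each rekey entry to its recipient subtree is omitted.

```python
import hashlib
import secrets

def g(key: bytes) -> bytes:
    """One-way blinding function (SHA-256 is this example's choice)."""
    return hashlib.sha256(b"oft-blind" + key).digest()

def f(a: bytes, b: bytes) -> bytes:
    """Mixing function: XOR of two blinded child keys."""
    return bytes(x ^ y for x, y in zip(a, b))

class KeyServer:
    """Trusted key server holding a complete binary key tree (heap-indexed)."""
    def __init__(self, n: int):              # n members, n a power of two
        self.n = n
        self.key = [b""] * n + [secrets.token_bytes(32) for _ in range(n)]
        for node in range(n - 1, 0, -1):     # node key = f(g(left), g(right))
            self.key[node] = f(g(self.key[2 * node]), g(self.key[2 * node + 1]))

    def member_state(self, m: int):
        """Leaf key plus blinded keys of the siblings on m's path to the root."""
        node, sibs = self.n + m, []
        while node > 1:
            sibs.append(g(self.key[node ^ 1]))
            node //= 2
        return self.key[self.n + m], sibs

    def evict(self, m: int) -> dict:
        """Re-key m's leaf; return {recipient subtree root: new blinded sibling key}."""
        node = self.n + m
        self.key[node] = secrets.token_bytes(32)
        rekey = {}
        while node > 1:
            rekey[node ^ 1] = g(self.key[node])   # readable only by that subtree
            node //= 2
            self.key[node] = f(g(self.key[2 * node]), g(self.key[2 * node + 1]))
        return rekey

def apply_rekey(m: int, n: int, sibs: list, rekey: dict) -> list:
    """A member uses only the entries addressed to nodes on its own path."""
    path = [(n + m) >> i for i in range(len(sibs))]
    return [rekey.get(node, old) for node, old in zip(path, sibs)]

def group_key(leaf_key: bytes, sibs: list) -> bytes:
    """Walk leaf to root: parent = f(g(child), blinded sibling)."""
    key = leaf_key
    for sib in sibs:
        key = f(g(key), sib)
    return key
```

The root key `key[1]` is the group key; the size of the dictionary returned by `evict` is the per-revocation message cost that the goals slide proposes to compare across schemes.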

D. Naor et al. Revocation and Tracing Schemes for Stateless Receivers. Crypto 2001.
D.A. McGrew et al. Key Establishment in Large Dynamic Groups Using One-way Function Trees.

System Components

[Figure: system components across three machines (Key Server Machine, Client Machine, Storage Server). Labels: Key Server; secFS client; secFS server; Group Man. Library (OFT, SD) on each; CoreFS client; CoreFS fileserver; FUSE Library; FUSE kernel; VFS; example commands suseradd id.., suserdel id.., vi topsecret.txt.]

System Overview

[Figure: system overview. Labels: GROUP OWNER; KEY SERVER; MEMBERS; UNTRUSTED STORAGE; GROUP CREATE, MEMBER ADD, DELETE; SECRET KEY SEND; INITIALIZATION; REKEYING INFO; ENCRYPTED DATA READ/WRITE; DATA ENCRYPT/DECRYPT. Legend: secure channel, insecure channel.]

Future Work

 CoreFS
   – Make the client multi-threaded to allow asynchronous calls
   – Support all system calls
   – Implement caching

 SecFS
   – Support key update during data update if the group key version changes
   – Optimizations
       Maintain key tree on disk (database or filesystem) to support multiple groups
   – Make secure channel (authentication, link encryption)
   – Performance Evaluation
