File systems protect important data, but existing file systems are not secure enough for today's needs. Moreover, file system development is difficult. This project investigates and develops an infrastructure for easy development of highly-secure and efficient file systems, using an incremental, layered approach, with a focus on network-based file systems. The main technique used is called "stacking": a method for one file system to pass through the operations and data to one or more other file systems. With stacking it is possible to intercept file system operations and then control them as needed. Examples of file systems that are being developed include strong transparent encryption, transparent checksumming for integrity, versioning, transparent virus detection, load-balancing, replication, sand-boxing, hooks for Intrusion Detection Systems (IDSs), and more.
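The stacking idea described above, as an added user-space sketch that is not the project's own code: each layer exposes the same operations as the layer below it, passes them through, and intercepts only the ones it needs. All class and function names here (`MemFS`, `StackedFS`, `ChecksumFS`, `AuditFS`, `demo`) are hypothetical, and the in-memory store and sample file are constructed for illustration.

```python
import hashlib

class MemFS:  # lowest layer: constructed in-memory stand-in for a real file system
    def __init__(self):
        self.files = {}
    def write(self, path, data):
        self.files[path] = bytes(data)
    def read(self, path):
        return self.files[path]

class StackedFS:  # null layer: passes every operation through to the layer below
    def __init__(self, lower):
        self.lower = lower
    def write(self, path, data):
        self.lower.write(path, data)
    def read(self, path):
        return self.lower.read(path)

class ChecksumFS(StackedFS):  # intercepts write/read to record and verify SHA-256
    def __init__(self, lower):
        super().__init__(lower)
        self.digests = {}
    def write(self, path, data):
        self.digests[path] = hashlib.sha256(data).digest()
        super().write(path, data)
    def read(self, path):
        data = super().read(path)
        if hashlib.sha256(data).digest() != self.digests.get(path):
            raise OSError(f"checksum mismatch on {path}")
        return data

class AuditFS(StackedFS):  # intercepts writes to emit events an IDS could consume
    def __init__(self, lower, events):
        super().__init__(lower)
        self.events = events
    def write(self, path, data):
        self.events.append(("write", path, len(data)))
        super().write(path, data)  # read() is inherited and passes through

def demo(path="/etc/app.conf"):
    base, events = MemFS(), []
    fs = AuditFS(ChecksumFS(base), events)  # layers stacked over the base store
    fs.write(path, b"mode=strict\n")
    first = fs.read(path)
    base.files[path] = b"mode=off\n"  # change made underneath the stack
    try:
        fs.read(path)
    except OSError:
        return first, True, events
    return first, False, events
```

The checksum layer catches the modification because the write never passed through it, which is the property that makes the placement of a layer along the data path matter.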
The placement of stackable file systems is investigated at three locations along the data path: (1) on clients, offering end-to-end assurances; (2) on servers, enabling powerful IDS capabilities; and (3) on intermediate proxies, transparently controlling file servers with minimal site impact.
The significance of this work is that it creates OS infrastructure that will allow future developers to build highly-secure and efficient file systems easily; several working file system examples are developed; and enhancements are investigated for general OS support for secure file systems. This research and teaching will usher in a new era of secure file system development.