
Least-Authority File System presented at TERENA TF-Storage WS 15 by - PowerPoint PPT Presentation



  1. Least-Authority File System
     presented at TERENA TF-Storage WS 15 by Zooko Wilcox-O'Hearn
     • the open-source project, by Brian Warner, Zooko, Daira Hopwood, and many more: https://Tahoe-LAFS.org
     • commercial support, by Zooko, Daira, and many more: https://LeastAuthority.com (Brian is working at Mozilla.)

  2. What's the Big Idea?
     • the Principle of Least-Authority applied to distributed storage
     • Mark S. Miller, “Robust Composition”, PhD Thesis, Johns Hopkins University, 2006.
     Why are we doing this?
     • This approach is both possible and practical.
     • We started this in 1999, because we thought it would be important.
     • We were right.

  3. Reliance Topology, part 1
     • users protected from users
     • users protected from providers (end-to-end security)
     • providers protected from providers (federation)
     Reliance Topology, part 2
     • (see whiteboard)

  4. Architecture (diagram; labels recovered from the slide)
     • Tahoe-LAFS storage servers: disk backend; cloud backend under development (S3, OpenStack, Google, Azure)
     • Tahoe-LAFS gateway
     • Tahoe-LAFS client: web browser, command-line tool, tahoe backup tool, JavaScript frontends, duplicity, GridBackup (incomplete), FTP and SFTP clients, FUSE via sshfs
     • Interfaces and protocols labelled in the diagram: web-API, FTP server, SFTP server, Tahoe-LAFS storage protocol over TCP/SSL
     • Security perimeter for provider-independent confidentiality and integrity
     Red means that whoever controls that link or that machine can see your files and change their contents. In other words, you rely on that component for confidentiality and integrity.
     Black means that whoever controls that link or that machine cannot see your files or change their contents. In other words, you do not rely on that component for confidentiality and integrity.

  5. How It Works: mutable and immutable files
     • imm
     • mut

  6. How It Works: mutable and immutable files
     • imm: read
     • mut: read, write

  7. How It Works: mutable and immutable files
     • imm, read: cipher key (AES)
     • mut, read: cipher key (AES)
     • mut, write: cipher key (AES)

  8. How It Works: mutable and immutable files
     • imm, read: cipher key (AES), hash value (SHA256)
     • mut, read: cipher key (AES)
     • mut, write: cipher key (AES)

  9. How It Works: mutable and immutable files
     • imm, read: cipher key (AES), hash value (SHA256)
     • mut, read: verifying key (RSA), cipher key (AES)
     • mut, write: signing key (RSA), cipher key (AES)

  10. How It Works: Chordlike server selection (see whiteboard)
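
The immutable-file read capability from slide 9 (cipher key plus SHA256 hash value), sketched as an added example that is not from the slides or from the Tahoe-LAFS code base. Assumptions: all function names are hypothetical, a SHA-256 counter-mode keystream stands in for AES because the Python standard library has no AES, and the hash is taken over the whole ciphertext as a simplification.

```python
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES (assumption): XOR with a SHA-256 counter keystream.
    Safe here only because each key is random and used for exactly one file."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def put_immutable(plaintext: bytes):
    """Client side: encrypt, then hash the ciphertext.
    Returns (ciphertext for the storage server, read capability kept by the user)."""
    key = os.urandom(16)
    ciphertext = _keystream_xor(key, plaintext)
    digest = hashlib.sha256(ciphertext).digest()
    return ciphertext, (key, digest)


def matches_hash(ciphertext: bytes, digest: bytes) -> bool:
    """Integrity check that needs only the hash value, not the cipher key."""
    return hmac.compare_digest(hashlib.sha256(ciphertext).digest(), digest)


def get_immutable(ciphertext: bytes, read_cap) -> bytes:
    """Client side: refuse to decrypt anything the hash does not cover."""
    key, digest = read_cap
    if not matches_hash(ciphertext, digest):
        raise ValueError("ciphertext does not match the capability's hash value")
    return _keystream_xor(key, ciphertext)


if __name__ == "__main__":
    sample = b"constructed sample file contents\n" * 3  # constructed input
    stored, cap = put_immutable(sample)
    print("server sees plaintext:", stored == sample)
    print("round trip ok:", get_immutable(stored, cap) == sample)
    tampered = bytes([stored[0] ^ 1]) + stored[1:]  # provider flips one bit
    try:
        get_immutable(tampered, cap)
    except ValueError as exc:
        print("tampering detected:", exc)
```

The storage server holds only `stored`, which matches the "black" components of the architecture slide: without the capability it can neither read the file nor change it undetected.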
