| With the scale of distributed systems continuing to grow, data security faces more and more threats. Distributed file systems, as the vital components for data storing and sharing, should offer protections in two perspectives– data storage security and trust management.This thesis showed that the trust assumption of the popular distributed file systems is not held in these days and the existing encrypting file systems are not suitable for distributed applications. Based on this background, this thesis presents an encrypting file system, namely uCryptfs, which is carefully designed for distributed environments.uCryptfs protects data confidentiality by storing data in encrypted form,using HMAC to ensure data integrity. A variety of cryptographic algorithms are supported. With the employment of an extensible key management architecture, uCryptfs supports different forms of user key, including group key for file sharing. Users could select the right form for different applications. uCryptfs is implemented as a stackable file system, so it is efficient, flexible, portable and could be combined with any distributed file system.None of the classic distributed file systems can help users to identify which files are trustable. To solve this problem, this thesis presents a distributed file system named TrustFs, which uses digital signature for file owner's authentication and trust management techniques for users'trust metric evaluation. Aided by TrustFs, users could easily distinguish unsafe files from others.uCryptfs and TrustFs could be used in parallel for storage security and trustable file sharing, or work in a combined way for special requirements. The thesis puts uCryptfs into a framework for evaluating storage system security, concluding that uCryptfs could resist most leak attack and offers fine-grained granularity without loss of user convenience. |
PDF Full Text Request