Paranoid: A Global Secure File Access Control System

Fareed Zaffar
Duke University
USA

Ashish Gehani
University of Notre Dame
USA

Gershon Kedem
Duke University
USA

The Paranoid file system is an encrypted, secure, global file system with user-managed access control. The system facilitates peer-to-peer, application-transparent file sharing with minimal overhead. This paper presents the design, implementation and evaluation of the Paranoid file system and its access-control architecture. The secure file system enables users to grant selective Unix-like read/write access to peer groups across administrative boundaries. Files are kept encrypted, and access control translates into key distribution. The system uses a novel transformation key scheme to manage encryption keys efficiently and securely. The scheme does not use a group-shared secret, and it provides simple and inexpensive revocation. Our scheme minimizes damage in case of a compromise and reduces the overall number of trusted system components. The Paranoid secure file system works seamlessly with existing applications through the use of interposition agents. The interposition agents provide a layer of indirection where all encrypted file system kernel commands are intercepted, providing remote file operations and data encryption/decryption without having to modify the OS.

Keywords: Secure File systems,
