Fareed Zaffar
Duke University
USA
Ashish Gehani
University of Notre Dame
USA
Gershon Kedem
Duke University
USA
The Paranoid file system is an encrypted, secure, global file system with user-managed access control. The system facilitates peer-to-peer, application-transparent file sharing with minimal overhead. This paper presents the design, implementation and evaluation of the Paranoid file system and its access-control architecture. The secure file system enables users to grant selective Unix-like read/write access to peer groups across administrative boundaries. Files are kept encrypted, and access control translates into key distribution. The system uses a novel transformation key scheme to manage encryption keys efficiently and securely. The scheme does not use a group-shared secret, and it provides simple and inexpensive revocation. Our scheme minimizes damage in case of a compromise and reduces the overall number of trusted system components. The Paranoid secure file system works seamlessly with existing applications through the use of interposition agents. The interposition agents provide a layer of indirection where all encrypted file system kernel commands are intercepted, providing remote file operations and data encryption/decryption without having to modify the OS.
Keywords: Secure File systems,