Check out the new USENIX Web site. next up previous
Next: 3.1 Overview Up: Block-Level Security for Network-Attached Previous: 2.6 Data structures and


3 Implementation

We have implemented a prototype NAD file system, called Snapdragon, that uses our security approach. To do so, we modified Linux's existing kernel-based implementation of NFS version 2. (We used version 2 as a base because version 3 is not available as a loadable module, hindering debugging.) NFS and its utilities comprise about 45,000 lines of C. To this we added: (1) new filesystem code comprising 7,500 lines (4,000 at the server and 3,000 at the client); (2) new disk functionality comprising about 1,000 lines (see Figure 5); and (3) a security library of about 14,000 lines, the vast majority of which was imported from openssl.




Subsections

Mark Lillibridge 2003-01-06