USENIX 2001 Abstract
Unifying File System Protection
Christopher A. Stein, Harvard University; John H. Howard, Sun Microsystems; and Margo Seltzer, Harvard University
This paper describes an efficient and elegant architecture
for unifying the meta-data protection of journaling
file systems with the data integrity protection of collision-
resistant cryptographic hashes. Traditional file system
journaling protects the ordering of meta-data
operations to maintain consistency in the presence of
crashes. However, journaling does not protect important
system meta-data and application data from modification
or misrepresentation by faulty or malicious storage
devices. With the introduction of both storage-area networking
and increasingly complex storage systems into
server architectures, these threats become an important
This paper presents the protected file system (PFS), a
file system that unifies the meta-data update protection
of journaling with strong data integrity. PFS computes
hashes from file system blocks and uses these hashes to
later verify the correctness of their contents. Hashes are
stored within a system log, apart from the blocks they
describe, but potentially on the same storage system.
The write-ahead logging (WAL) protocol and the file
system buffer cache are used to aggregate hash writes
and allow hash computations and writes to proceed in
PFS does not require the sharing of secrets between the
operating system and the storage system nor the deployment
of any special cryptographic firmware or hardware.
PFS is an end-to-end solution and will work with
any block-oriented device, from a disk drive to a monolithic
RAID system, without modification.
- View the full text of this paper in
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.