Self-certifying File System
Encyclopedia
In computing, Self-certifying File System (SFS) is a global and decentralized, distributed file system
for Unix-like
operating systems, while also providing transparent encryption
of communications as well as authentication
. It aims to be the universal distributed file system by providing uniform access to any available server, however, the usefulness of SFS is limited by the low deployment of SFS clients. It was developed in the June 2000 doctoral thesis of David Mazières.
daemon
implements the Sun's Network File System (NFS) protocol for communicating with the operating system
, and thus can work on any operating system that supports NFS, including Windows
. The client manages connections to remote file systems as necessary, acting as a kind of protocol translation layer. The SFS server works similarly to other distributed file system servers, by exposing an existing disk file system over the network, over the specific SFS protocol. On Unix-like
systems, SFS file systems can usually be found at /sfs/hostname:hostID. When an SFS file system is first accessed through this path, a connection to the server is made and the directory is created ("automounted").
In addition to the new perspective, SFS also addresses some commonly raised limitations of other distributed file systems. For example, NFS and SMB
clients have to rely on the server for file system security policies, and NFS servers have to rely on the client computer for authentication. This often complicates security, as one compromised computer could breach the security of the entire organization. The NFS and SMB protocols also do not by themselves provide confidentiality
(encryption) or tamper resistance
from other computers on the network, without encapsulation layers such as IPsec
.
Unlike Coda
and AFS
, SFS does not provide local caching
of remote files and thus is more dependent on network reliability, latency
and bandwidth
.
Distributed file system
Network file system may refer to:* A distributed file system, which is accessed over a computer network* Network File System , a specific brand of distributed file system...
for Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating systems, while also providing transparent encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
of communications as well as authentication
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
. It aims to be the universal distributed file system by providing uniform access to any available server, however, the usefulness of SFS is limited by the low deployment of SFS clients. It was developed in the June 2000 doctoral thesis of David Mazières.
Implementation
The SFS clientClient (computing)
A client is an application or system that accesses a service made available by a server. The server is often on another computer system, in which case the client accesses the service by way of a network....
daemon
Daemon (computer software)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
implements the Sun's Network File System (NFS) protocol for communicating with the operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
, and thus can work on any operating system that supports NFS, including Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
. The client manages connections to remote file systems as necessary, acting as a kind of protocol translation layer. The SFS server works similarly to other distributed file system servers, by exposing an existing disk file system over the network, over the specific SFS protocol. On Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
systems, SFS file systems can usually be found at /sfs/hostname:hostID. When an SFS file system is first accessed through this path, a connection to the server is made and the directory is created ("automounted").
Differences
The primary motivation behind the file system is to address the shortcomings of hardwired, administratively configured distributed file systems in larger organizations, and various remote file transfer protocols. It is designed to operate securely between separate administrative realms. For example, with SFS, one could store all their files on a single remote server, and access the same files securely and transparently from any location as if they were stored locally, without any special privileges or administrative cooperation (other than running the SFS client daemon). Available file systems will be found at the same path regardless of physical location, and are implicitly authenticated by their path names — as they include the public-key fingerprint of the server (hence why it is called "self-certifying").In addition to the new perspective, SFS also addresses some commonly raised limitations of other distributed file systems. For example, NFS and SMB
Server Message Block
In computer networking, Server Message Block , also known as Common Internet File System operates as an application-layer network protocol mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an...
clients have to rely on the server for file system security policies, and NFS servers have to rely on the client computer for authentication. This often complicates security, as one compromised computer could breach the security of the entire organization. The NFS and SMB protocols also do not by themselves provide confidentiality
Confidentiality
Confidentiality is an ethical principle associated with several professions . In ethics, and in law and alternative forms of legal resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to...
(encryption) or tamper resistance
Tamper resistance
Tamper resistance is resistance to tampering by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance....
from other computers on the network, without encapsulation layers such as IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
.
Unlike Coda
Coda (file system)
Coda is a distributed file system developed as a research project at Carnegie Mellon University since 1987 under the direction of Mahadev Satyanarayanan. It descended directly from an older version of AFS and offers many similar features. The InterMezzo file system was inspired by Coda...
and AFS
Andrew file system
The Andrew File System is a distributed networked file system which uses a set of trusted servers to present a homogeneous, location-transparent file name space to all the client workstations. It was developed by Carnegie Mellon University as part of the Andrew Project. It is named after Andrew...
, SFS does not provide local caching
Cache
In computer engineering, a cache is a component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere...
of remote files and thus is more dependent on network reliability, latency
Latency (engineering)
Latency is a measure of time delay experienced in a system, the precise definition of which depends on the system and the time being measured. Latencies may have different meaning in different contexts.-Packet-switched networks:...
and bandwidth
Bandwidth (computing)
In computer networking and computer science, bandwidth, network bandwidth, data bandwidth, or digital bandwidth is a measure of available or consumed data communication resources expressed in bits/second or multiples of it .Note that in textbooks on wireless communications, modem data transmission,...
.
See also
- Network file systemNetwork File SystemNetwork File System is a network file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed. NFS, like many other protocols, builds on the Open Network Computing...
- Network File System (protocol)
- Coda (file system)Coda (file system)Coda is a distributed file system developed as a research project at Carnegie Mellon University since 1987 under the direction of Mahadev Satyanarayanan. It descended directly from an older version of AFS and offers many similar features. The InterMezzo file system was inspired by Coda...
- Andrew File SystemAndrew file systemThe Andrew File System is a distributed networked file system which uses a set of trusted servers to present a homogeneous, location-transparent file name space to all the client workstations. It was developed by Carnegie Mellon University as part of the Andrew Project. It is named after Andrew...