Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

MooseGuard: secure file sharing at scale in untrusted environments

Baker, Joseph (2020) MooseGuard: secure file sharing at scale in untrusted environments. Master's Thesis, University of Pittsburgh. (Unpublished)

Download (527kB) | Preview


Shared storage systems provide cheap, scalable, and reliable storage, but secure sharing in these systems requires users to encrypt their data and limit efficient sharing or trust a service provider to faithfully keep their data private. Current research has explored the use of trusted execution environments (TEEs) to operate on sensitive data and sharing policies in isolated execution. That work enables the utilization of untrusted shared resources to store and share sensitive data while maintaining stronger security guarantees. However, current research has limitations in scaling these solutions, as it bottlenecks both metadata and data operations within the same physical TEE, whereas a scaled file system distributes metadata and data operations to separate devices.

This paper explores the use of two TEEs specialized for metadata and data operations to provide file sharing at scale with less overhead in addition to strong security guarantees. This approach achieves scaled metadata and concurrent use by utilizing a server-side TEE for isolated execution on a master server and provides data privacy and efficient access revocation through a client-side TEE. MooseGuard is the prototype implementation of this design, utilizing Intel SGX as a TEE and extending the MooseFS distributed file system. MooseGuard's implementation details the modifications needed to provide security and shows how this approach can be applied to a typical distributed file system. An evaluation of MooseGuard demonstrates that TEEs specialized for metadata and data operations allow a secured distributed file system to maintain its scale with only constant overheads. As TEEs and secure hardware become more widely available in public clouds, enterprise, and personal devices, MooseGuard presents a way for users to get the best of both worlds in data privacy and efficient sharing when using scaled, shared storage systems.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
Baker, Josephjcb116@pitt.edujcb1160000-0003-0015-5056
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Committee ChairLange, Jackjlange@pitt.edujlange
Committee MemberAdam, Leeadamlee@pitt.eduadamlee
Committee MemberXulong, Tangxulongtang@pitt.eduxulongtang
Date: 20 August 2020
Date Type: Publication
Defense Date: 16 July 2020
Approval Date: 20 August 2020
Submission Date: 29 July 2020
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 58
Institution: University of Pittsburgh
Schools and Programs: School of Computing and Information > Computer Science
Degree: MS - Master of Science
Thesis Type: Master's Thesis
Refereed: Yes
Uncontrolled Keywords: Security; Distributed File Systems; Intel SGX; MooseFS; Cloud.
Date Deposited: 20 Aug 2020 18:57
Last Modified: 20 Aug 2020 18:57


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item