After a file is deleted, its data is still stored on the phys-ical media until the actual data blocks are overwritten. Sometimes, this allows users to recover a file they mis-takenly deleted. Unfortunately, a malicious user can also recover such a deleted file. A local privileged usercan access a low-level device via the

Acknowledgements: We would like to thank several people who made significant contributions in improving this paper. Ruth Klundt put in a significant effort and time to run our experimental evaluation at Sandia National Labs, especially getting it working few days before a deadline; thanks to Lee Ward who offered us Sandia’s resources.

The access model of exporting NFS volumes to clients suffers from two problems. First, the server depends on the client to specify the user credentials to use and has no flexible mechanism to map or restrict the credentials given by the client. Second, when the server exports a volume, there is no mechanism to ensure that users accessing the server are only able to access their own files. We address these problems by a combination of two solutions. First, range-mapping allows the NFS server to restrict and flexibly map the credentials set by the client. Second, file-cloaking allows the server to control the data a client is able to view or access, beyond normal Unix semantics. Our design is compatible with all versions of NFS. We have implemented this work in Linux and made changes only to the NFS server code; client-side NFS and the NFS protocol remain unchanged. Our evaluation shows a minimal average performance overhead and, in some cases, an end-to-end performance improvement.

We have designed a stackable file system called Redundant Array of Independent Filesystems (RAIF). It combines the data survivability properties and performance benefits of traditional RAIDs with the unprecedented flexibility of composition, improved security, and ease of development of stackable file systems. RAIF can be mounted on top of any combination of other file systems including network, distributed, disk-based, and memory-based file systems. Existing encryption, compression, antivirus, and consistency checking stackable file systems can be mounted above and below RAIF, to efficiently cope up with slow or unsecure branches. Individual files can be distributed across branches, replicated, stored with parity, or stored with erasure correction coding to recover from failures on multiple branches. Per-file incremental recovery, storage type migration, and load-balancing are especially well suited for grid storages. In this paper we describe the current RAIF design, provide preliminary performance results and discuss current status and future directions. 1

As storage systems evolve, the block-based design of today’s disks is becoming inadequate. As an alternative, objectbased storage devices (OSDs) offer a view where the disk manages data layout and keeps track of various attributes about data objects. By moving functionality that is traditionally the responsibility of the host OS to the disk, it is possible to improve overall performance and simplify management of a storage system. The capabilities of OSDs will also permit performance improvements in parallel file systems, such as further decoupling metadata operations and thus reducing metadata server bottlenecks. In this work we present an implementation of the Parallel Virtual File System (PVFS) integrated with a software emulator of an OSD and describe an infrastructure for client access. Even with the overhead of emulation, performance is comparable to a traditional server-fronted implementation, demonstrating that serverless parallel file systems using OSDs are an achievable goal. 1.

( * now with SANGate Israel) This paper presents DSF- a new serverless distributed file system, aimed to improve scalability. Scalability is obtained by moving traditional file system functionality to lower (disk) levels and by using a dynamic file management assignment policy to improve load balancing. 1 1.

Storage virtualization and data management are well known problems for individual users as well as large organizations. Existing storage-virtualization systems either do not support a complete set of possible storage types, do not provide flexible data-placement policies, or do not support per-file conversion (e.g., encryption). This results in suboptimal utilization of resources, inconvenience, low reliability, and poor performance. We have designed a stackable file system called Redundant Array of Independent Filesystems (RAIF). It combines the data survivability and performance benefits of traditional RAID with the flexibility of composition and ease of development of stackable file systems. RAIF can be mounted on top of directories and thus on top of any combination of network, distributed, disk-based, and memory-based file systems. Individual files can be replicated, striped, or stored with erasure-correction coding on any subset of the underlying file systems. RAIF has similar performance to RAID. In configurations with parity, RAIF’s write performance is better than the performance of driver-level and even entry-level hardware RAID systems. This is because RAIF has better control over the data and parity caching. 1

Each file on an NFS server is uniquely identified by a persistent file handle that is used whenever a client performs any NFS operation. NFS file handles reveal significant amounts of information about the server. If attackers can sniff the file handle, then they may be able to obtain useful information. For example, the encoding used by a file handle indicates which operating system the server is running. The fields of the file handle contain information such as the date that the file system was created—often the same time that the OS was installed. Since an NFS file handle contains relatively little random data, it is not difficult to guess. If attackers can guess a file handle, then they can bypass the normal mounting procedures. This allows an attacker to access data without appropriate accounting and logging. We have analyzed file handles on three common server operating systems: Linux, FreeBSD, and Solaris. Each one of them suffers from deficiencies when constructing file handles. We have modified the NFS server on Linux to use only randomly-generated file handles over the network. This makes it more difficult for an attacker to guess a file handle, or from utilizing information contained within a file handle. To persistently store file handles we use an in-kernel port of Berkeley DB. Our performance evaluation shows an acceptable overhead. 1

Developing efficient file systems is difficult. Often, profiling tools are useful for analyzing system bottlenecks and correcting them. Whereas there are several techniques to profile system call activity or disk-block activity, there are no good tools to profile file systems—which logically reside below system calls and above disk drivers. We developed a tool called FSprof that instruments existing file systems ’ source code to profile their activity. This instrumentation incurs negligible runtime overhead. For file systems that do not have source code available, we also developed a thin file-system wrapper. When a profiled file system runs, it records operation frequencies and precise latencies and sorts them into configurable exponential buckets. We wrote additional tools to help verify, analyze, and display the profiling data. We ran FSprof on several popular Linux file systems: Ext2, Ext3, Reiserfs, and a stackable (layered) file system called Wrapfs. Our analysis revealed interesting discoveries about file systems and benchmarks. We analyzed bi-modal and even tri-modal distributions we found in certain operation latencies, which result from complex interactions between file system caches and disks. We illustrate how simple file system designs can lead to serious lock contention and slow down the entire operating system. We show how seemingly similar file system benchmarks can unexpectedly behave rather differently. We also observed that a tiny percentage of certain calls can have a disproportionate overall effect. FSprof is the first tool specifically designed for analyzing file system behavior, using high precision and a fine level of detail. FSprof helps developers collect and organize information, then diagnose and optimize file system performance.

Large grid installations require global access to massive data stores. Parallel file systems give high throughput within a LAN, but cross-site data transfers lack seamless integration, security, and performance. The GridNFS project, aims to provide scalable, transparent, and secure data management as well as a scalable and agile name space. A key challenge in exporting a parallel file system with NFSv4 is to provide high performance without sacrificing consistency. This paper introduces extensions to the NFSv4 protocol to support parallel access. We implemented a prototype of our design and present experiments demonstrating its scalable architecture.