SUNDR (secure untrusted data repository) is a secure network file
system we are building to run on untrusted servers. Ideally, everyone
would immediately and unconditionally detect any misbehavior on the
part of a file server. While this ideal is not achievable, SUNDR
provides the next best thing--a guarantee that even the subtlest of
server failures causes all hell to break loose in a well-defined and
readily-detectable sense. Thus, users quickly learn of even Byzantine
server failures and can assure themselves that a server has been
honest at least until some recent point. Finally, by adding either
direct user-user communication or a simple trusted version number
server to the network file system model, one can gain a full guarantee
of traditional network file system semantics without any assumptions
about the server's behavior.
People
Jinyuan Li, and David Mazières. Beyond One-third Faulty Replicas in Byzantine Fault Tolerant Systems. In Proceedings of the 4th Symposium on Networked Systems Design and Implementation, Cambridge, MA, April 2007.
Jinyuan Li, Maxwell Krohn, David Mazières, and Dennis Shasha. Secure untrusted data repository (SUNDR). In Proceedings of the 6th Symposium on Operating Systems Design and Implementation, San Francisco, CA, December 2004. paper.
David Mazières and Dennis Shasha. Building secure file systems out of Byzantine storage. In Proceedings of the Twenty-First ACM Symposium on Principles of Distributed Computing (PODC 2002), July 2002. paper. (The full version is available as NYU computer science department technical report TR2002-826, May 2002.)
David Mazières and Dennis Shasha. Don't trust your file server. In Proceedings of the 8th Workshop on Hot Topics in Operating Systems, pages 113-118, May 2001. paper.