A privacy-protecting file system on public cloud storage

With the development of cloud-based systems and applications, a number of major technical firms have started to provide public cloud storage services, and store user data in datacenters strategically positioned across the Internet. However, when users store private data in shared datacenters, they lose control over how the data are stored and accessed. Multiple classes of personnel may access the physical storage media and potentially read the data. While strong cryptographic methods can protect user files from unauthorized accesses, they incur computational overhead, and make it difficult for the infrastructure provider to optimize the storage space with effective compression and deduplication. To provide strong protection on user data, we design a new file system called BIFS (Bit-Interleaving File System). Focusing on the privacy protection of the on-disk state, BIFS re-orders data in user files at the bit level, and stores bit slices at distributed locations in the storage system. While providing strong privacy protection, BIFS still retains part of the regularity in user data, and thus enables the infrastructure provider to perform a certain level of space optimization (e.g., compression). We implement BIFS on the Amazon Simple Storage Service (S3), and examine its performance characteristics. The comparison with several existing network or Internet-based file systems shows that BIFS provides robust file system functions with satisfactory throughput on S3.