next up previous
Next: 7. Acknowledgments Up: Cryptfs: A Stackable Vnode Previous: 5. Related Work

Subsections

   
6. Conclusions

Cryptfs proves that a useful, non-trivial vnode stackable file system can be implemented on modern operating systems without having to change the rest of the system. Better performance and stronger security were achieved by running the file system in the kernel. Cryptfs is more portable than other kernel-based file systems because it interacts with a mostly standard vnode interface, as the quick ports to Linux and FreeBSD showed.

Most complications discovered while developing Cryptfs stemmed from two problems:

1.
The vnode interface is not self-contained. The VM system offers memory mapped files, but properly handling them requires some manipulation of lower level file systems and MMU/TLB hardware.

2.
Several vnode calls are poorly designed, most likely due to the need to keep compatible with past implementations that were made when resources were more scarce. The readdir vnode operation on Solaris and FreeBSD requires special parsing of the file names within the data provided by the file system. Also, it forced us to maintain lots of state to be able to implement it as a restartable operation.

We believe that a truly stackable file system interface could significantly improve portability, especially if adopted by the main Unix vendors and developers. We think that the interface available in Spring[10] is very suitable. If that interface becomes popular, it might result in many more practical file systems developed. We hope through Cryptfs to have proven the usefulness and practicality of non-trivial stackable file systems.

   
6.1 Future

We plan to add Cryptfs support for other ciphers, especially DES. We also intend to port Cryptfs to newer versions of existing operating systems (Solaris 2.7 and Linux 2.1 in particular,) to take advantage of new system features offered.

The work described in this paper is part of an ongoing research effort to develop ``FiST'' (File System Translator) -- a system that will be used to describe a file system using a high-level language and generate a working implementation for the target operating system from that description[22].


next up previous
Next: 7. Acknowledgments Up: Cryptfs: A Stackable Vnode Previous: 5. Related Work
Erez Zadok
1999-02-17