Octavia: A Secure Internet Filesystem

Octavia is a secure, decentralized network filesystem. Although there are already many network filesystems, such as the Common Internet Filesystem (also called “Samba”), Sun’s Network File System, and Apple Filing Protocol, they are unsafe for use on the wider Internet. (In fact, they are unsafe for all but the smallest, physically private networks, as well.) By contrast, Octavia aims to provide specific security and reliability guarantees while still providing good performance and usability.

In particular, most existing network filesystems rely on a single central file server computer to serve data to many client computers. This centralization is both a strength and a weakness: while it is easy to understand and develop a centralized system, it proves brittle in practice. If the server becomes overloaded or crashes, service to clients becomes degraded or even completely unavailable. It is often (but not necessarily) the case that people must place complete trust in the central server as well: if the server is compromised, people can no longer be certain that their data has not been accessed by the attacker.

The Tahoe-LAFS filesystem most closely resembles Octavia: it shares Octavia’s goals of security and reliability. Octavia aims to explore different design alternatives in the same problem space. For other significant work in this area, perhaps most notably including SFS, see the references page.

How Is Octavia Secure?

Octavia provides four crucial security guarantees. We currently know of no network filesystem besides Tahoe-LAFS that claims to provide these guarantees.

What About Decentralization?

Octavia is designed to be deployed on the Internet. Since the Internet has no centralized authority, Octavia does not rely on one. Octavia clients and servers can associate and disassociate on an ad hoc basis. Clients don’t depend on any particular server, and servers are thus free to implement any policy they choose toward clients. Clients can work with servers on any network, in any location, implementing any policy, in any combination.

Octavia also scales down to intranets and LANs. In a sense, these centrally-managed networks are special cases of the general, decentralized case: the same mechanisms that work to associate clients and servers in a decentralized manner also work in a centrally-managed deployment.

Octavia Technical Details

CC Attribution-ShareAlike