SiRiUS: Securing Untrusted Remote Storage, Eu-Jin Goh, Hovav Shacham,
Nagendra Modadugu, Dan Boneh, ISOC Network and Distributed Systems
Security (NDSS) Symposium 2003.

Purpose
=======

- Design and implement a securtiy mechanism to improve security of
  network file servers without changing file systems or network
  servers.
  --> easy to install and use (minimal client software)
  --> layered on top of any existing system
  --> can't defend against DoS

Goals
=====

- Granularity is on a per file basis, can differentiate between
  read-only and read-write access for different users.

- Efficient random access to file blocks (low bandwidth)

- Minimal key management, users should only manage a few, not one for
  each file.  Key distribution and revocation should be simple.

- Users should be able to guarantee freshness of files.

Discussion Topics
=================

- What happens when users change their public keys?  Do they have to
  contact the owners of every file they have access too (and thus keep
  a list of these files)?  If not, then do file owners have to figure
  this out, and thus keep lists of public keys of all users that have
  access to their files, and check for updates regularly?

- How often do you have to timestamp / integrity check the files that
  you own?  This can lead to a lot of overhead.  Can you have
  different periods for different files?

- Does this work for applications that want low-latencies (e.g.,
  multimedia players)?  How can we do this without downloading the
  whole file first?  Do these apps need this service in the first
  place?

- In terms of the implementation: When you have 10 people logged into
  the same machine, do you need 10 different NFS clients looping back
  to 10 different specialized NFS server/clients?

- How difficult is it to write clients?

- If PKI's are used, then this system inherits all of its problems.

- Is this too general purpose?  Can we use this if we don't want to
  share any files?

- How are private keys stored your computer?  Would admins have access
  to them?  Is that okay?

Voting
======
accept      -  5
weak accept - 11
weak reject -  2
reject      -  0