On the Impossibility of Confidentiality, Integrity and Accessibility in Highly-Available File Systems.

Distributed file systems are at the core of many services for sharing data among users. To keep the file contents secure from unauthorized access, such systems make use of custom access control policies similar to the traditional POSIX policies. In our work, we want to investigate the interdependence of secure access and high-availability. To this end, we formalize the three properties related to data security, namely confidentiality, integrity and accessibility (CIA). We proof the CIA impossibility showing that these properties cannot be achieved together in a highly-available partition-tolerant setting. We further discuss a CRDT-based model that implements an access control policy similar to the POSIX one and that guarantees confidentiality and integrity while precluding accessibility only in rare situations.