Cryptfs proves that a useful, non-trivial vnode stackable file system can be implemented on modern operating systems without having to change the rest of the system. Better performance and stronger security were achieved by running the file system in the kernel. Cryptfs is more portable than other kernel-based file systems because it interacts with a mostly standard vnode interface, as the quick ports to Linux and FreeBSD showed.
Most complications discovered while developing Cryptfs stemmed from two problems:
We believe that a truly stackable file system interface could significantly improve portability, especially if adopted by the main Unix vendors and developers. We think that the interface available in Spring[10] is very suitable. If that interface becomes popular, it might result in many more practical file systems developed. We hope through Cryptfs to have proven the usefulness and practicality of non-trivial stackable file systems.
We plan to add Cryptfs support for other ciphers, especially DES. We also intend to port Cryptfs to newer versions of existing operating systems (Solaris 2.7 and Linux 2.1 in particular,) to take advantage of new system features offered.
The work described in this paper is part of an ongoing research effort to develop ``FiST'' (File System Translator) -- a system that will be used to describe a file system using a high-level language and generate a working implementation for the target operating system from that description[22].