Secure Distributed File System

Course: CCY3302 / CS425 — Distributed Systems Security
Semester: Spring 2026
Student: Jana Ashraf Ali — Reg #221010291
Lecturer: Prof. Dr. Ayman Adel Abdel-Hamid


What Is This Project?

A secure distributed file system built from scratch in Java. Three replica storage nodes communicate via Java RMI (Remote Method Invocation) to store, replicate, and serve files. Every connection is encrypted with mutual TLS. Every file write is replicated to all three nodes using Totally Ordered Multicast. A Raft consensus implementation handles leader election so the cluster stays operational even if a node crashes.

The project deliberately includes vulnerable and secured versions side by side, demonstrating 5 classic distributed-systems security flaws and their fixes.
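As an added illustration of the "vulnerable beside secured" pattern the project follows, the snippet below (example code written for these docs, not the project's own SerializationValidator) shows the first listed flaw and its fix at the smallest possible scale: one replica-side read of a serialized message without a deserialization filter, and the same read with a JDK ObjectInputFilter allow-list. DemoFileOperation, readUnfiltered and readFiltered are names chosen for the example; the real project's message class and validator live under com.dfs.common and com.dfs.util. The "unexpected" payload is a plain java.util.ArrayList, which is enough to show the filter rejecting any class outside the allow-list before it is instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Constructed stand-in for a replication message (hypothetical; not the project's FileOperation).
class DemoFileOperation implements Serializable {
    private static final long serialVersionUID = 1L;
    final String path;
    final byte[] data;

    DemoFileOperation(String path, byte[] data) {
        this.path = path;
        this.data = data;
    }
}

public class DeserializationFilterDemo {

    // Allow-list filter: the message type and String (its path field), plus size limits.
    // Primitive arrays such as byte[] are left undecided by pattern filters and so pass.
    // "!*" rejects every other class before its constructor or readObject can run.
    static final ObjectInputFilter REPLICA_FILTER = ObjectInputFilter.Config.createFilter(
            "DemoFileOperation;java.lang.String;maxdepth=5;maxbytes=1048576;!*");

    // Helper: what a peer would put on the wire.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // VULNERABLE: instantiates whatever class name the peer wrote into the stream.
    static Object readUnfiltered(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            return ois.readObject();
        }
    }

    // SECURED: identical call, but every class descriptor is vetted by the filter first.
    static Object readFiltered(byte[] wire) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(wire))) {
            ois.setObjectInputFilter(REPLICA_FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one legitimate message, one class the node never expects.
        byte[] legit = serialize(new DemoFileOperation("/docs/a.txt", "hello".getBytes()));
        byte[] unexpected = serialize(new ArrayList<>(List.of("not", "a", "FileOperation")));

        System.out.println("unfiltered, legit     : " + readUnfiltered(legit).getClass().getName());
        System.out.println("unfiltered, unexpected: " + readUnfiltered(unexpected).getClass().getName());
        System.out.println("filtered, legit       : " + readFiltered(legit).getClass().getName());
        try {
            readFiltered(unexpected);
            System.out.println("filtered, unexpected  : accepted (should not happen)");
        } catch (InvalidClassException e) {
            // The filter's REJECTED status surfaces as InvalidClassException.
            System.out.println("filtered, unexpected  : rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run it with `javac DeserializationFilterDemo.java && java DeserializationFilterDemo`. The design point is that the filter is an allow-list ending in `!*`: a node that only ever exchanges a handful of message types should reject everything else by default rather than trying to enumerate known-bad classes, and the `maxdepth`/`maxbytes` limits cap what a malformed stream can make the node allocate.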

In One Sentence

A by-the-book demonstration of how to build a distributed system and then harden every layer of it against real attack vectors.


What You'll Find in These Docs

Section            Contents
Architecture       System diagrams, data flow, deployment topology
Core Concepts      DFS, Java RMI, Lamport clocks, TO-Multicast, Raft, mTLS — explained from zero
Implementation     Package-by-package code walkthrough
Security Analysis  All 5 vulnerabilities dissected with attack demos and fix code
Running            Build, run, and test the project
Appendix           Glossary, academic references

Quick Facts

Language: Java 17 (JDK only — no external dependencies)
Build System: Apache Maven
Communication: Java RMI over mutual TLS (mTLS)
Replication: 3 replicas via Totally Ordered Multicast
Consensus: Raft leader election (Bonus 1)
Password Storage: PBKDF2WithHmacSHA256, 260k iterations, per-user salt
Vulnerabilities: 5 (deserialization, remote codebase, plaintext, missing auth, replay)
Mitigations: 5 (ObjectInputFilter, useCodebaseOnly, mTLS, requireAuth, nonce+timestamp)
Artifacts: 6 executable JARs (3 secure + 3 vulnerable)

The Five-Layer Security Model

Each layer defends against a specific attack class. The layers work together — if one fails, the next one catches the threat.


Project Structure

secure-dfs/
├── pom.xml                      # Maven build — produces 6 executable JARs
├── certs/                       # TLS keystores + truststore (generated once)
├── scripts/
│   ├── generate-certs.sh        # Linux/macOS cert generation
│   └── generate-certs.bat       # Windows cert generation
├── src/main/java/com/
│   ├── dfs/                     # SECURED codebase
│   │   ├── auth/                # AuthService — register, login, token validation
│   │   ├── client/              # DFSClient + ClientShell — interactive CLI
│   │   ├── common/              # FileOperation, OperationResult, ClockMessage
│   │   ├── node/                # ReplicaNode, MessageQueue, LogicalClock
│   │   ├── rmi/                 # RMI interfaces (ReplicaNodeInterface, AuthServiceInterface)
│   │   └── util/                # TLSConfig, SerializationValidator, NonceStore
│   └── vulnerable/              # VULNERABLE codebase (mirror with flaws exposed)
│       ├── auth/
│       ├── client/
│       └── node/
├── report/
│   └── REPORT.md                # Technical report
└── docs/
    ├── BEGINNER_GUIDE.md        # Concepts from zero
    └── SETUP_AND_COMMANDS.md

Ready to dive in? Start with the Architecture Overview to understand how the pieces fit together.