How to Protect your Data by Eliminating Trusted Storage Infrastructure
David Mazières
New York University
Monday, February 14, 2:00PM
Burchard 124
Computer Science Department
Stevens Institute of Technology
Abstract
An alternative is to design systems that cope with corrupt infrastructure. This talk will present a set of techniques that progressively chip away at the security requirements of ordinary network file systems: eliminating the need to trust the network, eliminating the need to rely on certificate authorities, eliminating the need to trust replicas of popular data, and mitigating the effects of compromised clients and passwords.
Ultimately, I'll show how clients can detect attempts to tamper with data even when an attacker completely compromises the file server. All of these techniques have been realized in usable systems, demonstrating that practical, strong data security need not come at the cost of high fences and their associated management constraints.