Flexible Security for the WiND Filesystem
نویسندگان
چکیده
Due to the unending increase in scalability and performance demands, the network attached storage paradigm is being adopted as the solution for large storage systems. This new shift seeks to decentralize storage elements over a network where the idea is to transfer data directly between the storage disks and client machines thereby completely bypassing the fileserver machine bottleneck. The new paradigm opens up a host of novel security issues and protecting the information in transit between the distributed storage entities over a potentially unsecure network becomes essential. In this paper we report on our project wherein we sought to explore the security issues that come up in a network attached storage environment. Our work was done in context of the Wisconsin Network Disks project (WiND). We implemented security features into WFS, an experimental distributed file system built for WiND. Our techniques are performance conscious and do not compromise on the scalability of the system. We allow the user to choose an appropriate security level on a per-file basis. By storing data encrypted on disk, using capabilities, and accomplishing integrity and authentication in a single step, our security features have a minimal impact on system performance.
منابع مشابه
Prism: Providing Flexible and Fast Filesystem Cloning Service for Virtual Servers
This paper describes a prototype virtualized file system, Prism, for supporting hosted servers and utility computing. Prism provides a filesystem service that allows lightweight creation of filesystems for new users from existing filesystems. All users’ filesystems are mutable and yet isolated from each other. In our experiments, new filesystems can be created from existing ones in under one-fi...
متن کاملDemands, Solutions, and Improvements for Linux Filesystem Security
Securing file resources under Linux is a team effort. No one library, application, or kernel feature can stand alone in providing robust security. Current Linux access control mechanisms work in concert to provide a certain level of security, but they depend upon the integrity of the machine itself to protect that data. Once the data leaves that machine, or if the machine itself is physically c...
متن کاملTrust in a Principled Filesystem
Users typically have little reason to trust that systems will protect user data against unauthorized access. A prototype filesystem stack was implemented with a structure designed to provide such assurance by preventing filesystem administrators and most filesystem code from violating user data security goals. The design instantiates a number of well-known security principles that have been pro...
متن کاملScheduling security constraint unit commitment for power system including stochastic wind power generation
This paper introduces a new approach for scheduling security constraint unit commitment (SCUC) including wind farms. Because of uncertainty in wind power production, we tried to develop a new method for incorporating wind power generation in power plant scheduling. For this, wind power generation modeled with unit commitment in a non-linear optimization problem and simulated by submitting diffe...
متن کاملDynamic Detection and Prevention of Race Conditions in File Accesses
Race conditions in filesystem accesses occur when sequences of filesystem operations are not carried out in an isolated manner. Incorrect assumptions of filesystem namespace access isolation allow attackers to elevate their privileges without authorization by changing the namespace bindings. To address this security issue, we propose a mechanism for keeping track of all filesystem operations an...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2001