The Consequences of Decentralized Security in a Cooperative Storage System Douglas Thain, Chris Moretti, Paul Madrid, Phil Snowberger, and Jeff Hemmes.
The Consequences of Decentralized Security in a Cooperative Storage System Douglas Thain, Chris Moretti, Paul Madrid, Phil Snowberger, and Jeff Hemmes University of Notre Dame IEEE Workshop on Security in Storage 2005

Abstract
Suppose that security in storage has been deployed at all endpoints. How does this affect the design of distributed storage systems that rely upon these devices? Clients must become much more:
–Fault tolerant, adaptive, and self reliant.
–Aware of resource allocation issues.
–Helpful to the end user!
Environment: Storage Pool at Notre Dame

Traditional File System Security (figure)
Application -> security interface -> file system abstraction (placement, replication, reliability) -> disk / file.
The application asserts "I am John Doe!" at the security interface; below that interface the file system only knows "Owner of inode 9842 is UID 56".
Everything beneath the interface runs over a trusted network (PCI, RAID, SAN, Myrinet, Ethernet); only the client side sits on an untrusted network (Ethernet, Internet).

Decentralized Security (figure)
Application -> abstraction (placement, replication, reliability) -> security -> disk / file.
The security check moves down to the storage device itself, which records "Owner of file /foo/bar is John Doe" in terms of the high-level name. The application still asserts "I am John Doe!", but the abstraction layer between them now runs over an untrusted network (Ethernet, Internet).

Cooperative Storage System at Notre Dame

What is Cooperative Storage?
Many devices bound together that can accomplish more than one device alone.
–Improve capacity, reliability, performance...
–Could be one person's devices, or those of many cooperating users.
Key property:
–Each person retains absolute control of their own resources by setting local policies.
–People share and collaborate with others that they know and trust. No free love! No central control!
–However, some resources are set up for the common good by an authority. (CS workstations usable by any member of the CS department, says the chair.)

Architecture of Cooperative Storage (figure)
Applications talk through adapters to one of several abstractions: a Central Filesystem, a Distributed Filesystem Abstraction, a Distributed Database Abstraction, or a future "???" abstraction. Each abstraction is built from file servers reached by file transfer and third party transfer (3PT). Some file servers run on UNIX workstations, where the owner controls policy on each machine; others run in a cluster, where the cluster administrator controls policy on all storage in the cluster.

CFS: Central File System (figure)
The application's adapter talks to a single file server that holds the file.

DSFS: Dist. Shared File System (figure)
The adapter first looks up the file location on a directory server, which holds only a pointer (ptr), and then accesses the data directly on whichever file server holds the file.

DSDB: Dist. Shared Database (figure)
The adapter creates the file on a file server, inserts it into the file index held by the database server, and later queries the index and accesses the file directly.

Applications
Simple and Secure Remote Access
–CDF: Remote Dynamic Linking
–BaBar: Remote Database Access
–LHC: Semantic Remote Filesystems
Distributed File Systems
–GRAND: Scalable Archive for Online Data
Distributed Databases
–GEMS: Molecular Dynamics Simulation
–CVRL: Biometric Image Storage/Analysis

Challenges of Decentralization
Unbounded Set of Users
–There is no global /etc/passwd or /etc/group!
Multiple Identities per User
–Kerberos creds from Notre Dame / Wisconsin.
–GSI creds from ND/UW/DOE/NCSA.
New Decision Points
–Placement decision made, but action fails!
–Directory op succeeds, but file creation fails!
Unexpected Policy Coupling
–Data placement may affect access control!

Outline of Paper
Centralized vs Decentralized Security
Architecture of Cooperative Storage
Basic Security Mechanism
–Problem: Complexity Confuses!
–Detail: Reservation Right
Challenges
–Authorization in Distributed File Systems
–Logistics of Third Party Transfer
–Mechanisms for Active Storage
–Semantics of Distributed Group Management

Basic Security Mechanism
Negotiate an Authentication Method
–Client proposes, server agrees/disagrees.
–Default ordering works for most + manual override.
–Different servers/clients may support diff subsets.
Then, Authenticate via Chosen Method
–May involve challenges, cert exchange, etc...
Yields a Subject Name for the Session:
–globus:/O=NotreDame/CN=DouglasThain
–hostname:hedwig.cse.nd.edu
–unix:dthain
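The negotiation described above, written out as an added example (this is illustration code, not the Cooperative Computing Tools implementation). The method names and subject-name formats come from the slide; the message shapes, the server stand-in and the credentials are constructed for the example. It also shows the failure mode the later slide warns about: when the preferred method fails (expired credentials), the default ordering silently falls through to a weaker method and the session ends up with a different subject name, so the `force` override exists to pin one method.

```python
from dataclasses import dataclass

# Client's default preference order, most specific identity first.
DEFAULT_ORDER = ["globus", "kerberos", "hostname", "unix"]


@dataclass
class ServerSide:
    """Stand-in for one file server (constructed): which methods it speaks,
    and which credential each method would verify for this client."""
    supported: frozenset
    credentials: dict  # method -> (subject name, credential still valid?)

    def agrees(self, method):
        return method in self.supported

    def verify(self, method):
        subject, valid = self.credentials.get(method, (None, False))
        return subject if valid else None


def negotiate(server, order=None, force=None):
    """Client proposes methods in order; server agrees or disagrees; the agreed
    method then runs. Returns (method, subject, transcript).

    If the agreed method fails (e.g. expired credentials) the client falls
    through to the next method, which can quietly change the subject name the
    session ends up with. force= pins a single method and disables fallback.
    """
    order = [force] if force else list(order or DEFAULT_ORDER)
    transcript = []
    for method in order:
        transcript.append(f"client: auth {method}")
        if not server.agrees(method):
            transcript.append("server: no")
            continue
        transcript.append("server: yes")
        subject = server.verify(method)
        if subject is None:
            transcript.append(f"server: {method} authentication failed")
            continue
        transcript.append(f"session subject: {subject}")
        return method, subject, transcript
    transcript.append("no method succeeded")
    return None, None, transcript


def sample_server(globus_valid=True):
    """Constructed server that speaks globus and hostname, not kerberos/unix."""
    return ServerSide(
        supported=frozenset({"globus", "hostname"}),
        credentials={
            "globus": ("globus:/O=NotreDame/CN=DouglasThain", globus_valid),
            "hostname": ("hostname:hedwig.cse.nd.edu", True),
        },
    )


if __name__ == "__main__":
    for label, srv, force in [("fresh creds", sample_server(), None),
                              ("expired creds", sample_server(False), None),
                              ("expired, forced", sample_server(False), "globus")]:
        method, subject, log = negotiate(srv, force=force)
        print(f"--- {label}: method={method} subject={subject}")
        print("\n".join("    " + line for line in log))
```

Run it and compare the three transcripts: with expired globus credentials the default order yields `hostname:hedwig.cse.nd.edu`, a subject that later ACL checks will treat very differently, whereas the forced run fails at authentication, which is the easier failure to notice and retry.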

Authorization Mechanism
Unix Access Controls Are Not Sufficient
–Integer UIDs are not sufficient for principals.
–Nine owner/group/others bits are restrictive.
–Mapping from subjects to Unix is a mess.
Place Variable Length ACLs on dirs:
globus:/O=NotreDame/CN=DThain RWLAX
RWL
hostname:*.cs.nd.edu RL
globus:/O=NotreDame/* RL

Problem: Complexity Confuses!
For beginning users:
–Negotiated authentication makes life easy.
–Everybody can authenticate in some way.
–Most users don't think about it at first.
For advanced users:
–Negotiation has unexpected effects.
–What happens when credentials expire?
–For long running / large tasks, it is better to manually specify the authentication mode.
–AuthN failure is easier to retry than authZ failure!
Unexpected authentication is hard to debug.
–Full detail logging mode reveals the auth algorithm.
–Always prominently display the subject name in all tools!

Problem: Shared Namespace (figure)
A file server whose top-level ACL is:
globus:/O=NotreDame/* RWLAX
holds a.out, test.c, test.dat and cms.exe from different users side by side. Every Notre Dame subject has full rights over everyone else's files in that one shared directory.

Solution: Reservation (V) Right (figure)
The top-level ACL instead grants a reservation:
O=NotreDame/CN=* V(RWLA)
/O=NotreDame/CN=Monk runs mkdir and may create only a directory named /O=NotreDame/CN=Monk, which receives the ACL "/O=NotreDame/CN=Monk RWLA"; Monk then keeps a.out and test.c there. /O=NotreDame/CN=Ted does the same and gets a directory /O=NotreDame/CN=Ted with "/O=NotreDame/CN=Ted RWLA". At the top level both can do mkdir only!
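The ACL model of the Authorization Mechanism slide and the reservation right above, combined into one added example (illustration code written for this page, not the Cooperative Computing Tools ACL implementation). Subject patterns are matched glob-style so that entries like `globus:/O=NotreDame/*` and `hostname:*.cs.nd.edu` work; a reserved directory is named with the caller's full subject string and is stored as one path component, so the slashes in a subject are never interpreted as path separators. That a directory created with an ordinary W right inherits its parent's ACL is an assumption of the example, as are the small toy-server API and the two demo scenarios.

```python
import fnmatch
import re

# Rights from the slides: Read, Write, List, Admin (change the ACL), eXecute.
RIGHTS = frozenset("RWLAX")
_RESERVE = re.compile(r"^V\(([RWLAX]+)\)$")


def parse_acl(text):
    """Parse 'subject rights' lines; rights is RWLAX letters or V(rights)."""
    acl = []
    for line in text.strip().splitlines():
        subject, rights = line.split()
        m = _RESERVE.match(rights)
        if m:
            acl.append((subject, "V", frozenset(m.group(1))))
        elif set(rights) <= RIGHTS:
            acl.append((subject, "", frozenset(rights)))
        else:
            raise ValueError(f"bad rights {rights!r}")
    return acl


def rights_for(acl, subject):
    """Return (direct, reserved): the union of rights from every entry whose
    pattern matches the subject, and the reserved rights or None."""
    direct, reserved = set(), None
    for pattern, kind, rights in acl:
        if fnmatch.fnmatchcase(subject, pattern):
            if kind == "V":
                reserved = (reserved or set()) | rights
            else:
                direct |= rights
    return direct, reserved


class FileServer:
    """Toy file server (assumed API): a tree of directories, each with its own
    ACL. Paths are tuples of names, so a subject string is one component."""

    def __init__(self, root_acl):
        self.dirs = {(): {"acl": parse_acl(root_acl), "files": set()}}

    def has(self, subject, path, right):
        return right in rights_for(self.dirs[path]["acl"], subject)[0]

    def mkdir(self, subject, parent, name):
        direct, reserved = rights_for(self.dirs[parent]["acl"], subject)
        if "W" in direct:
            acl = list(self.dirs[parent]["acl"])  # assumption: child inherits
        elif reserved is not None and name == subject:
            # Reservation right: the caller may create only a directory named
            # after itself, and gets exactly the reserved rights inside it.
            acl = [(subject, "", reserved)]
        else:
            raise PermissionError(f"{subject}: mkdir {name!r} denied")
        self.dirs[parent + (name,)] = {"acl": acl, "files": set()}

    def put(self, subject, path, name):
        if not self.has(subject, path, "W"):
            raise PermissionError(f"{subject}: put {name!r} denied")
        self.dirs[path]["files"].add(name)

    def delete(self, subject, path, name):
        if not self.has(subject, path, "W"):
            raise PermissionError(f"{subject}: delete {name!r} denied")
        self.dirs[path]["files"].remove(name)


def denied(fn, *args):
    """True if the operation raises PermissionError."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


MONK = "globus:/O=NotreDame/CN=Monk"
TED = "globus:/O=NotreDame/CN=Ted"


def shared_namespace_problem():
    """'Problem: Shared Namespace': with RWLAX for all of ND, Ted can delete
    Monk's a.out. Returns True when Ted's delete succeeds."""
    srv = FileServer("globus:/O=NotreDame/* RWLAX")
    srv.put(MONK, (), "a.out")
    return not denied(srv.delete, TED, (), "a.out")


def reservation_solution():
    """'Solution: Reservation (V) Right': outcome of each attempted operation."""
    srv = FileServer("globus:/O=NotreDame/CN=* V(RWLA)")
    return {
        "monk_put_at_root": not denied(srv.put, MONK, (), "a.out"),
        "monk_mkdir_other": not denied(srv.mkdir, MONK, (), "scratch"),
        "monk_mkdir_self": not denied(srv.mkdir, MONK, (), MONK),
        "monk_put_in_own": not denied(srv.put, MONK, (MONK,), "a.out"),
        "ted_put_in_monks": not denied(srv.put, TED, (MONK,), "cms.exe"),
        "ted_list_monks": srv.has(TED, (MONK,), "L"),
    }


if __name__ == "__main__":
    print("shared namespace, Ted deletes Monk's file:", shared_namespace_problem())
    print("reservation right:", reservation_solution())
```

The point of the reservation right is visible in the second result: at the top level Monk can neither write a file nor create an arbitrarily named directory, only the one named after his own subject, and once it exists Ted has no rights in it at all.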


DSFS Logistics
Consider Creating a File:
–Fetch list of resources: online catalog / static list / user selected
–Make placement decision: random / fill in order / user selected
–Create stub file on dir server. (fail?)
–Create actual file on data server. (fail?)
Note that two access controls are in play:
–One controls access to the namespace.
–Another controls access to the data storage.

DSFS Applications
Personal Mass Storage
–Expand your local filesystem to include all the disks available in a cluster / lab / basement.
Distributed /tmp for Cluster Computing
–Harness a remote cluster for the duration of a job.
Multi-User Scalable Storage
–Department provides directory, but no space.
/O=NotreDame/O=CSE/CN=* RWL
–Participants provide their own data servers.
/O=NotreDame/O=CSE/CN=JohnDoe RWLA
–Separates provisioning from access!

Dealing with Failure
Failure to place data is very common!
–Unexpected access controls on device.
–Device is temporarily unavailable. (reboot?)
–Device is newly installed or creds expired.
–Owner changed the sharing policy.
Soln: Client Needs to Model the System
–Track successes and failures on each device.
–Failed devices are not tried again for a time.
–Of course, cannot avoid a device forever...
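The DSFS file-creation sequence from the Logistics slide, with the failure handling this slide calls for, as one added example (illustration code for this page, not the actual DSFS adapter). The directory server and data servers are constructed stand-ins; the stub/location API, the "fill in order" placement and the per-device backoff timer are the example's own assumptions. It shows the two separate access controls at work: a namespace denial is final and yields no stub, while a data-server denial or outage is recorded against that device and placement moves on to the next one, and a stub is never left behind when no device accepts the data.

```python
class DataServer:
    """Constructed stand-in for one storage device. 'up' models a reboot and
    'acl_ok' models the owner's local policy, which the client cannot see."""

    def __init__(self, name, up=True, acl_ok=True):
        self.name, self.up, self.acl_ok = name, up, acl_ok
        self.files = set()

    def create(self, subject, name):
        if not self.up:
            raise ConnectionError(f"{self.name} unreachable")
        if not self.acl_ok:
            raise PermissionError(f"{self.name}: {subject} denied by owner")
        self.files.add(name)
        return f"{self.name}/{name}"


class DirServer:
    """Namespace server: holds stub files pointing at the data location."""

    def __init__(self, writers):
        self.writers = set(writers)  # subjects holding W on the namespace
        self.stubs = {}

    def create_stub(self, subject, path):
        if subject not in self.writers:
            raise PermissionError(f"namespace: {subject} denied")
        self.stubs[path] = None  # location is filled in once data exists

    def set_location(self, path, location):
        self.stubs[path] = location

    def remove_stub(self, path):
        self.stubs.pop(path, None)


class DSFSClient:
    """Places files 'fill in order' and keeps a model of device failures."""

    def __init__(self, dirserver, devices, subject, backoff=300.0):
        self.dirserver, self.devices, self.subject = dirserver, devices, subject
        self.backoff = backoff      # seconds before a failed device is retried
        self.failed_at = {}         # device name -> time of last failure

    def _in_backoff(self, dev, now):
        t = self.failed_at.get(dev.name)
        return t is not None and now - t < self.backoff

    def candidates(self, now):
        ok = [d for d in self.devices if not self._in_backoff(d, now)]
        # Cannot avoid a device forever: if everything is in backoff, try all.
        return ok or list(self.devices)

    def create(self, path, now):
        # Namespace authorization is a separate decision from data placement:
        # a denial here is final, not something to retry on another device.
        self.dirserver.create_stub(self.subject, path)
        for dev in self.candidates(now):
            try:
                location = dev.create(self.subject, path)
            except (ConnectionError, PermissionError):
                self.failed_at[dev.name] = now
                continue
            self.dirserver.set_location(path, location)
            return location
        # No device accepted the data: do not leave a dangling stub behind.
        self.dirserver.remove_stub(path)
        raise OSError(f"no placement possible for {path}")


SUBJECT = "globus:/O=NotreDame/CN=Monk"


def demo():
    """s1 is down, s2's owner denies us, s3 accepts. Returns the placement,
    the candidate list shortly afterwards, and the list once backoff expires."""
    ds = DirServer(writers={SUBJECT})
    devs = [DataServer("s1", up=False), DataServer("s2", acl_ok=False),
            DataServer("s3")]
    client = DSFSClient(ds, devs, SUBJECT, backoff=300.0)
    first = client.create("run1.dat", now=0.0)
    soon = [d.name for d in client.candidates(now=10.0)]
    devs[0].up = True  # s1 finishes rebooting
    later = [d.name for d in client.candidates(now=400.0)]
    return first, soon, later, dict(ds.stubs)


def failed_placement_leaves_no_stub():
    ds = DirServer(writers={SUBJECT})
    client = DSFSClient(ds, [DataServer("s1", up=False)], SUBJECT)
    try:
        client.create("x.dat", now=0.0)
    except OSError:
        return "x.dat" not in ds.stubs
    return False


if __name__ == "__main__":
    print(demo())
    print("stub cleaned up after total failure:", failed_placement_leaves_no_stub())
```

Note that the client learns nothing about why s2 refused (the owner's policy is local to the device), so the only sensible reaction is the same as for an outage: remember the failure, skip the device for a while, and eventually try it again.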


PINS: Processing in Storage
Observation:
–Traditional clusters separate CPU and storage into two distinct systems/problems.
–Distributed computing is always some direct combination of CPU and I/O needs.
Idea: PINS
–Cluster HW is already a tightly integrated complex of CPU and I/O. Make the SW reflect the HW.
–Key: Always compute in the same place that the data is located. Leave newly created data in place.

Compute via Passive Storage (figure)
Four file servers S1..S4 each hold inputs A, B, C, D (X 200). To compute Y=F(X) where X={A,B,C,D}, every input set is pulled across the network to a compute node running F, which produces Y1..Y4.

Compute via Active Storage (figure)
Same servers and data, but F is shipped to S1..S4 and runs on each server next to its own data, producing Y1..Y4 in place.

Technique: Identity Boxing (figure)
Directory ACL on the file server:
hostname:*.cse.nd.edu RWLX
globus:/O=NotreDame/* RWLX
Client session:
> open x.nd.edu
> put sim.exe
> put in.dat
> exec sim.exe
> get out.dat
On the file server, sim.exe runs inside an identity box as /O=NotreDame/CN=Monk, the client's subject name, rather than as the storage owner; in.dat and out.dat are accessed under that same identity.

Unified Semantics
Same Identity for Exec and Data Access
–Stage in data as user X.
–Program runs as user X, so the data is protected.
–Access results as user X.
Same ACLs for Exec and Data Access
–Need the X right to run a program.
–RX rights: the user can run programs already on the server, i.e. a fixed F(X).
–WX rights: the user can stage in and run any F(X).


Fully Decentralized User Groups
Distributed Orgs Have Complex Needs
–CMS Collaboration: 10s of institutions, 100s of PIs, 1000s of graduate students and staff.
–There is no centralized database for CMS.
–Local managers add/remove members locally.
Want Storage Systems that Allow Reference to Groups Managed by Others:
–Allow access to all staff involved in CMS.
–Allow access to any NSF program manager.
–Allow access to all CS faculty at ND/Purdue.

Fully Decentralized ACLs (figure)
A file client reads from a file server whose Access Control List is:
group:ccl.nd.edu/faculty RWL
group:serv.nsf.gov/managers RL
group:ftp.cern.org/members RL
To check the ACL, the file server performs group lookups against the servers that manage each group: faculty at ccl.nd.edu, managers at serv.nsf.gov, members at ftp.cern.org; each of those (e.g. a univ.edu members list) is maintained by its own organization.

Challenges of ACLs
Performance / Availability / Consistency
–Give the group/ACL owner control.
–Specify a maximum time for stale data.
Implemented, but continuing experience leads to reflection on the semantics.
Example: What to do under failures?
–Partial answer: servers fail quickly, client retries up to a user-controlled limit.
–Consider: Group A gives W access, group B gives R.
–What happens when group A is unavailable?
–Two very different questions: What rights does user X have? Can user X perform a read?
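An added example of evaluating the group-referencing ACL from the previous slide under exactly the failure this slide describes (illustration code for this page, not the implementation in the Cooperative Computing Tools). The group servers are constructed stand-ins; the cache policy (serve a cached membership until it is older than the owner's maximum staleness, then refetch with a bounded number of quick retries) and the three-valued answer are the example's own design. The two questions get different treatment: "what rights does X have?" returns the rights it could verify plus the list of entries it could not check, while "can X read?" answers yes as soon as any reachable group grants R, and returns None rather than a false denial when only unreachable groups could still grant the right.

```python
class GroupServer:
    """Constructed stand-in for a group managed by another organization."""

    def __init__(self, groups, available=True):
        self.groups = {g: set(m) for g, m in groups.items()}
        self.available = available
        self.calls = 0

    def lookup(self, group):
        self.calls += 1
        if not self.available:
            raise ConnectionError("group server unavailable")
        return set(self.groups.get(group, ()))


class GroupResolver:
    """Caches memberships; max_stale is the bound the group owner sets on how
    old a cached answer may be before it must be refreshed."""

    def __init__(self, servers, max_stale=600.0, max_retries=2):
        self.servers, self.max_stale, self.max_retries = servers, max_stale, max_retries
        self.cache = {}  # (host, group) -> (members, fetched_at)

    def members(self, host, group, now):
        """Membership set, or None if it cannot be determined right now."""
        cached = self.cache.get((host, group))
        if cached is not None and now - cached[1] < self.max_stale:
            return cached[0]
        for _ in range(self.max_retries + 1):  # servers fail fast; retry a bit
            try:
                members = self.servers[host].lookup(group)
            except (ConnectionError, KeyError):
                continue
            self.cache[(host, group)] = (members, now)
            return members
        return None


def evaluate(acl, subject, resolver, now):
    """Answer 'what rights does X have?': (rights verified so far, entries
    whose group could not be checked)."""
    rights, unknown = set(), []
    for entry, r in acl:
        if entry.startswith("group:"):
            host, group = entry[len("group:"):].split("/", 1)
            members = resolver.members(host, group, now)
            if members is None:
                unknown.append(entry)
            elif subject in members:
                rights |= set(r)
        elif entry == subject:
            rights |= set(r)
    return rights, unknown


def can(acl, subject, right, resolver, now):
    """Answer 'can X perform this operation?': True, False, or None when an
    unreachable group might still grant the right."""
    rights, unknown = evaluate(acl, subject, resolver, now)
    if right in rights:
        return True
    return False if not unknown else None


# ACL from the 'Fully Decentralized ACLs' slide.
ACL = [("group:ccl.nd.edu/faculty", "RWL"),
       ("group:serv.nsf.gov/managers", "RL"),
       ("group:ftp.cern.org/members", "RL")]


def demo():
    """Monk is ND faculty (W via group A) and a CERN member (R via group B);
    then ccl.nd.edu goes away."""
    monk = "globus:/O=NotreDame/CN=Monk"
    servers = {"ccl.nd.edu": GroupServer({"faculty": [monk]}),
               "serv.nsf.gov": GroupServer({"managers": []}),
               "ftp.cern.org": GroupServer({"members": [monk]})}
    res = GroupResolver(servers, max_stale=600.0)
    before = evaluate(ACL, monk, res, now=0.0)
    servers["ccl.nd.edu"].available = False
    within_bound = can(ACL, monk, "W", res, now=100.0)   # cached, still fresh
    after = evaluate(ACL, monk, res, now=1000.0)          # cache too stale
    read = can(ACL, monk, "R", res, now=1000.0)
    write = can(ACL, monk, "W", res, now=1000.0)
    return before, within_bound, after, read, write


if __name__ == "__main__":
    for label, value in zip(["all up", "W within staleness bound",
                             "rights after outage", "can read", "can write"], demo()):
        print(f"{label}: {value}")
```

The None for the write is the honest answer: the client has not been denied, it simply cannot decide, and whether it then waits, retries, or fails is a policy choice that the storage system has to expose rather than hide.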


Practical Lessons
In a system with decentralized security...
Users need debugging tools!
–Simple examples: whoami, rwhoami
Client software must become "heavier":
–Must carefully parse a vast array of errors.
–Must maintain a model of remote devices.
High level names must be used deep within the system software stack.
–Run processes with subject name, not Unix UID.

For more information...
Cooperative Computing Lab
Cooperative Computing Tools
Douglas Thain