Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY IN DISTRIBUTED FILE SYSTEMS

Published byToby Logan Modified over 6 years ago

Similar presentations

Presentation on theme: "SECURITY IN DISTRIBUTED FILE SYSTEMS"— Presentation transcript:

1 SECURITY IN DISTRIBUTED FILE SYSTEMS
Likhitha Rayakur Instructor: Prof. Yanqing Zhang Advanced Operating Systems (CSC 8320)

2 11.8 Security Security in distributed file systems organized along a client-server architecture is to have the servers handle authentication and access control. This is a straightforward way of dealing with security, an approach that has been adopted. NFS is an example of traditional approach.

3 Security in NFS Security in NFS mainly focuses on the communication between a client and a server. Secure communication means that a secure channel between the two should be set up. In addition to secure RPCs, it is necessary to control file accesses which are handled by means of access control file attributes in NFS. File server is in charge of verifying the access rights of its clients.

4 Security in NFS NFS is layered on top of an RPC system, setting up a secure channel in NFS boils down to establishing secure RPCs (Remote Procedural Calls).

5 Up until NFSv4, a secure RPC meant that only authentication was taken care of.
There were three ways for doing authentication 1. System authentication 2. Diffie-Hellman key exchange 3. Kerberos

6 System Authentication
System Authentication is the most widely used method. A client simply passes its effective user ID and group ID to the server, along with a list of groups it claims to be a member of. The server has no way at all of verifying whether the claimed user and group identifiers are actually associated with the sender.

7 Diffie-Hellman key exchange
This approach is much better than system authentication, but is more complex. Diffie-Hellman can be viewed as a public-key cryptosystem. There was no way to securely distribute a server's public key, but this was later corrected with the introduction of a secure name service.

8 Kerberos With the introduction of NFSv4, security is enhanced by the support for RPCSEC_GSS. RPCSEC_GSS is a general security framework that can support a myriad of security mechanism for setting up secure channels. In particular, it not only provides the hooks for different authentication systems, but also supports message integrity and confidentiality, two features that were not supported in older versions of NFS.

9 Secure RPCs The important aspect of secure RPC in NFS is that the designers have chosen not to provide their own security mechanisms, but only to provide a standard way for handling security.

10 Access Control Authorization in NFS is analogous to secure RPC: it provides the mechanisms but does not specify any particular policy. Access control is supported by means of the ACL (Access Control List) file attribute. This attribute is a list of access control entries, where each entry specifies the access rights for a specific user or group Many of the operations are relatively straightforward and include those for reading, writing, and executing files, manipulating file attributes, listing directories, and so on.

11

12 11.8.2 Decentralized Authorization
One of the main problems with systems such as NFS is that in order to properly handle authentication, it is necessary that users are registered through a central system administration. A solution to this problem is provided by using the Secure File Systems (SFS) in combination with decentralized authentication servers. The SFS client is responsible for setting up a secure channel with an SFS server. It is also responsible for communicating with a locally-available SFS user agent, which is a program that automatically handles user authentication.

13 organization of SFS

14 11.8.3 Secure Peer-to-Peer File-Sharing Systems
So far, we have discussed distributed file systems that were relatively easy to secure. Traditional systems either use straightforward authentication and access control mechanisms extended with secure communication. Matter become complicated when dealing with fully decentralized systems that rely on collaboration, such as in peer-to-peer file-sharing systems.

15 DHT-Based Systems Secure Lookups in DHT-Based Systems for secure routing Secure routing requires that three issues are dealt with: Nodes are assigned identifiers in a secure way. Routing tables are securely maintained. Lookup requests are securely forwarded between nodes.

16 When nodes are not securely assigned their identifier, we may face the problem that a malicious node can assign itself an ID so that all lookups for specific keys will be directed to itself, or forwarded along the route that it is part of. When routing tables can be filled in with alternative nodes, an attacker can easily convince a node to point to malicious nodes. Finally, to defend against message-forwarding attacks, a node may simply forward messages along several routes.

17 FUTURE WORK Concerning Factors Denial of Service Performance trade off
Scalability

18 References Pavel Bzoch Jiri Safarik “Security and reliability of distributed file systems” Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2011 IEEE 6th International Conference E. Miller D.Long W.Freeman “Strong security for distributed file systems” Performance, Computing, and Communications, IEEE International Conference

19 THANK YOU!!!

Download ppt "SECURITY IN DISTRIBUTED FILE SYSTEMS"

Similar presentations

 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group (www.opengroup.org) Provides a set of tools and.

 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group ( Provides a set of tools and.
Distributed File Systems Chapter 11

Distributed File Systems Chapter 11
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
CS533 - Concepts of Operating Systems 1 Remote Procedure Calls - Alan West.

CS533 - Concepts of Operating Systems 1 Remote Procedure Calls - Alan West.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.

What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.
Peer-to-peer file-sharing over mobile ad hoc networks Gang Ding and Bharat Bhargava Department of Computer Sciences Purdue University Pervasive Computing.

Peer-to-peer file-sharing over mobile ad hoc networks Gang Ding and Bharat Bhargava Department of Computer Sciences Purdue University Pervasive Computing.
1 DNS,NFS & RPC Rizwan Rehman, CCS, DU. Netprog: DNS and name lookups 2 Hostnames IP Addresses are great for computers –IP address includes information.

1 DNS,NFS & RPC Rizwan Rehman, CCS, DU. Netprog: DNS and name lookups 2 Hostnames IP Addresses are great for computers –IP address includes information.
Network File System (NFS) in AIX System COSC513 Operation Systems Instructor: Prof. Anvari Yuan Ma SID: 105820.

Network File System (NFS) in AIX System COSC513 Operation Systems Instructor: Prof. Anvari Yuan Ma SID:
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
Chapter 21 Distributed System Security Copyright © 2008.

Chapter 21 Distributed System Security Copyright © 2008.
Distributed Computing Environment (DCE) Presenter: Zaobo He Instructor: Professor Zhang Advanced Operating System Advanced Operating System.

Distributed Computing Environment (DCE) Presenter: Zaobo He Instructor: Professor Zhang Advanced Operating System Advanced Operating System.
NFS : Network File System SMU CSE8343 Prof. Khalil September 27, 2003 Group 1 Group members: Payal Patel, Malka Samata, Wael Faheem, Hazem Morsy, Poramate.

NFS : Network File System SMU CSE8343 Prof. Khalil September 27, 2003 Group 1 Group members: Payal Patel, Malka Samata, Wael Faheem, Hazem Morsy, Poramate.
Distributed Systems Principles and Paradigms Chapter 12 Distributed Coordination-Based Systems 01 Introduction 02 Communication 03 Processes 04 Naming.

Distributed Systems Principles and Paradigms Chapter 12 Distributed Coordination-Based Systems 01 Introduction 02 Communication 03 Processes 04 Naming.
NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.

NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.
1 Peer-to-Peer Technologies Seminar by: Kunal Goswami (05IT6006) School of Information Technology Guided by: Prof. C.R.Mandal, School of Information Technology.

1 Peer-to-Peer Technologies Seminar by: Kunal Goswami (05IT6006) School of Information Technology Guided by: Prof. C.R.Mandal, School of Information Technology.
A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services BY Sai kamal neeli AVINASH THOTA.

A Cooperative SIP Infrastructure for Highly Reliable Telecommunication Services BY Sai kamal neeli AVINASH THOTA.
P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao

P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao
CSC 8320 Advanced Operating System Discretionary Access Control Models Presenter: Ke Gao Instructor: Professor Zhang.

CSC 8320 Advanced Operating System Discretionary Access Control Models Presenter: Ke Gao Instructor: Professor Zhang.
SECURITY IN DISTRIBUTED FILE SYSTEMS Tejaswini Kalluri, Venkata Prudhvi Raj Konda, Kanna Karri.

SECURITY IN DISTRIBUTED FILE SYSTEMS Tejaswini Kalluri, Venkata Prudhvi Raj Konda, Kanna Karri.

Similar presentations

Ads by Google