Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002."— Presentation transcript:

1 Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002

2 OceanStore’s world view Promiscuous caching, untrusted infrastructure, world-wide scale

3 OceanStore’s world view No one server can be trusted to provide access control Data location may not be fully known—it may not be possible to “hunt and kill” all data files Unlike traditional operating systems, OceanStore has no trusted kernel Result: OceanStore has different needs in access control than traditional operating systems and “trusted” distributed filesystems

4 The need for groups Administrative need: commercial setting has 10K+ users and huge number of files People constantly entering and leaving groups Any solution likely to be fully distributed Want: Centralized revocation and control Aggressive caching and FS’s untrusted nature Groups must be convenient for both readers/writers and group managers

5 Problem We cannot assume security of any particular nodes Controlling writes can be done in inner ring Controlling reads more difficult Cannot trust servers to selectively release information Solution for Ocean Store: Use inner ring to verify write requests Use client-side crypto to prevent unauthorized reads Keep all needed keys with ACLs

6 Groups in OceanStore Similar to Kevin Fu’s cryptographic storage file system, keys are bundled with the files However, group lists are distributed through the network as regular files No group server—indirection is introduced to provide end users with the keys they need to read files

7 Protecting Files Blocks of each file are encrypted with symmetric keys (IDEA) Groups each have a keypair (the private key is encrypted to group members with their public keys) Symmetric keys encrypted with user or group’s public key and stored in ACL Group manager removes a user by generating new group keypair and reencrypting the private group key with each user’s public key When update is sent to file, any groups are checked for changes If changes exist, new symmetric key used for update

8 Performing a read File 1 Group G User1 User2 User3 ACL User1 User2 Group1 Group2 IDEA keys encrpyted with public keys Group’s private key encrypted with users’ public keys

9 Performing a read File 1 Group 2 User1 User2 User3 ACL User1 User2 Group1 Group2 Read block from file 1 Lookup user’s entry in ACL consulting group lists if needed

10 Performing a read File 1 Group 2 User1 User2 User3 ACL User1 User2 Group1 Group2 Read block from file 1 Lookup user's entry in ACL consulting group lists if needed Encrypted key

11 Deleting a user from a group File 1 Group 2 User1 User2 User3 ACL User1 User2 Group1 Group2 Group manager generates new group keypair This new private key is encrypted to each users’ public key Group manager

12 Submitting new update File 1 Group 2 User1 User2 User3 ACL User1 User2 Group1 Group2 Update Check to see if any groups changed

13 Submitting new update File 1 Group 2 User1 User2 User3 ACL User1 User2 Group1 Group2 Update Generate new IDEA key, encrypt to all users and groups

14 Advantages Decouple group management from key management Fully distributed Storing keys in this fashion is relatively straighforward

15 Experimental Testbed Simulated above mechanism on Java-based, block-oriented filesystem with OceanStore assumptions Verified against two workload models (E-mail model based on IMAP traces and “Congressional Record” model) Testbed designed with OceanStore assumptions

16 Integration with OceanStore Inner ring verifies write requests Encrypted keys stored in ACL (as separate file) Group lists exist as independent files Any mechanisms introduced that restrict locations of files would decrease opportunity for revoked data to reach end users Cooperation from servers to delete data on request and aid in “hunt and destroy”

17 Additional Considerations A weakness of our system is that group members can deny access to other members of the group Group managers can determine if new members can see data written before their membership May be unwieldy for very dynamic groups

18 Future work Design of user-interface (Tcl/Tk or WWW) Expiring keys after certain time period/active servers to operate on files, including deletions Support for policies where new signed updates could imply the deletion of older data (streaming media, for example)

Download ppt "Group Management, Permissions, and Revocation in OceanStore Barbara Engelhardt George Porter Naveen Sastry UC Berkeley January 2002."

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
More on File Management

More on File Management
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
What is OceanStore? - 10^10 users with 10.000 files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.

What is OceanStore? - 10^10 users with files each - Goals: Durability, Availability, Enc. & Auth, High performance - Worldwide infrastructure to.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Serverless Network File Systems. Network File Systems Allow sharing among independent file systems in a transparent manner Mounting a remote directory.

Serverless Network File Systems. Network File Systems Allow sharing among independent file systems in a transparent manner Mounting a remote directory.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
P2P: Advanced Topics Filesystems over DHTs and P2P research Vyas Sekar.

P2P: Advanced Topics Filesystems over DHTs and P2P research Vyas Sekar.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Concurrency Control & Caching Consistency Issues and Survey Dingshan He November 18, 2002.

Concurrency Control & Caching Consistency Issues and Survey Dingshan He November 18, 2002.

Similar presentations

Ads by Google