Abstract
The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular, particularly in Unix networks, where it is probably the most common distributed file system technology. NFS, however, is rarely used outside closed, protected networks, because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security to NFS: a security flavour called RPCSEC_GSS, based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that, for the first time, each NFS file access call could be protected. This paper outlines our efforts to secure NFS, producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this role to transparently access their remote files through secure NFS. There are also other advantages provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4, and the practicality and performance of this mechanism have been demonstrated by modifying the Linux kernel and NFS utilities.
© 1999 Springer-Verlag Berlin Heidelberg
Cite this paper
Ashley, P., Broom, B., Vandenwauver, M. (1999). An Implementation of a Secure Version of NFS Including RBAC. In: Pieprzyk, J., Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 1999. Lecture Notes in Computer Science, vol 1587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48970-3_18
DOI: https://doi.org/10.1007/3-540-48970-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65756-9
Online ISBN: 978-3-540-48970-2