Abstract
On the basis of analyzing demand of secure storage system, this paper use the artificial immune algorithm to research access control system for the secure storage system. Firstly some current matching rules are introduced and analyzed. Then the elements in immune-based access control system are defined. To improve the efficiency of the artificial immune algorithm, this paper proposes the random r-continuous matching rule, and analyze the number of illegal access requests that one detector can check out. Implementing prototype of the random r-continuous matching rule to evaluate and compare its performance with current matching rules. The result proves the random r-continuous matching rule is more efficient than current matching rules. At last, we use the random r-continuous matching rule to realize immune-based access control system for OST in Lustre. Evaluating its I/O performance, the result shows its I/O performance loss is below 8%, it proves that the random r-continuous matching rule can be used to realize the secure storage system that can keep high I/O performance.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Blaze, M.: A cryptographic file system for UNIX. In: Proceedings of 1st ACM Conference on Communications and Computing Security (1993)
Howard, J., Kazar, M., Menees, S., Nichols, D., Satyanarayanan, M., Sidebotham, R., West, M.: Scale and performance in a distributed file system. ACM TOCS 6(1) (February 1988)
Fu, K., Kaashoek, M., Mazieres, D.: Fast and secure distributed read-only file system. OSDI (October 2000)
Mazieres, D., Kaminsky, M., Kaashoek, M., Witchel, E.: Separating key management from file system security. SOSP (December 1999)
Li, X., Yang, J., Wu, Z.: An NFSv4-Based Security Scheme for NAS, Parallel and Distributed Processing and Applications, NanJiang, China (2005)
Gobioff, H., Nagle, D., Gibson, G.: Embedded Security for Network-Attached Storage, CMU SCS technical report CMU-CS-99-154 (June 1999)
John, D., Strunk, G.R., Goodson, M.L., Sheinholtz, C.A.N., Soules, G.R.: Self-Securing Storage: Protecting Data in Compromised Systems. In: 4th Symposium on Operating System Design and Implementation, San Diego, CA (October 2000)
Craig, A.N., Soules, G.R., Goodson, J.D., Strunk, G.R.: Metadata Efficiency in Versioning File Systems. In: 2nd USENIX Conference on File and Storage Technologies, San Francisco, CA, March 31-April 2 (2003)
Wylie, J., Bigrigg, M., Strunk, J., Ganger, G., Kiliccote, H., Khosla, P.: Survivable information storage systems. IEEE Computer, Los Alamitos (2000)
Ganger, G.R., Khosla, P.K., Bakkaloglu, M., Bigrigg, M.W., Goodson, G.R., Oguz, S., Pandurangan, V., Soules, C.A.N., Strunk, J.D., Wylie, J.J.: Survivable Storage Systems. In: DARPA Information Survivability Conference and Exposition, Anaheim, CA, 12-14 June 2001, vol. 2, pp. 184–195. IEEE, Los Alamitos (2001)
Kubiatowicz, J., Bindel, D., Chen, Y., Czerwinski, S., Eaton, P., Geels, D., Gummadi, R., Rhea, S., Weatherspoon, H., Weimer, W., Wells, C., Zhao, B.: OceanStore: An Architecture for Global-Scale Persistent Storage. In: ASPLOS (December 2000)
Freeman, W., Miller, E.: Design for a decentralized security system for network-attached storage. In: Proceedings of the 17th IEEE Symposium on Mass Storage Systems and Technologies, College Park, MD, pp. 361–373 (March 2000)
Miller, E.L., Long, D.D.E., Freeman, W., Reed, B.: Strong security for distributed file systems. In: Proceedings of the 20th IEEE international Performance, Computing and Communications Conference (IPCCC 2001), Phoenix, April 2001, pp. 34–40. IEEE, Los Alamitos (2001)
Miller, E.L., Long, D.D.E., Freeman, W.E., Reed, B.C.: Strong Security for Network-Attached Storage. In: Proceedings of the 2002 Conference on File and Storage Technologies (FAST), January 2002, pp. 1–13 (2002)
Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: PLUTUS: Scalable secure file sharing on untrusted storage. In: Conference on File andStorage Technology (FAST 2003), San Francisco, CA, 31 March - 2 April 2003, pp. 29–42. USENIX, Berkeley (2003)
De-zhi, H., Xiang-lin, F., Jiang-zhong, H.: Study and Implementation of a iSCSI-Based Network Attached Storage Secure System. MINI-MICRO SYSTEMS 7, 1223–1227 (2004)
Goh, E.-J., Shacham, H., Modadugu, N., Boneh, D.: SiRiUS:Securing Remote Untrusted Storage. In: The proceedings of the Internet Society (ISOC) Network and Distributed Systems Security (NDSS) Symposium 2003(2003)
Azagury, A., Cabetti, R., Factor, M., Halevi, S., Henis, E., Naor, D., Rinetzky, N., Rodeh, O., Satran, J.: A Two Layered Approach for Secuting an Object Store Network. In: SISW 2002 (2002)
Hewlett-Packard Company. HP OpenView storage allocator (October 2001), www.openview.hp.com
Brocade Communications Systems, Inc. Advancing Security in Storage Area Networks. White Paper (June 2001)
Hewlett-Packard Company. HP SureStore E Secure Manager XP (March 2001), www.hp.com/go/storage
Dasgupta, D.: An overview of artificial immune systems and their applications. In: Dasgupta, D. (ed.) Artificial immune systems and their applications, pp. 3–23. Springer, Heidelberg (1999)
de Castro, L.N., Timmis, J.: Artificial Immune Systems: A New Computational Approach. Springer, London (2002)
Forrest, S., Perelson, A., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, pp. 202–212. IEEE Computer Society Press, Los Alamitos (1994)
Balthrop, J., Esponda, F., Forrest, S., Glickman, M.: Coverage and generalization in an artificial immune system. In: Langdon, W.B., Cantú-Paz, E., Mathias, K., Roy, R., Davis, D., Poli, R., Balakrishnan, K., Honavar, V., Rudolph, G., Wegener, J., Bull, L., Potter, M.A., Schultz, A.C., Miller, J.F., Burke, E., Jonoska, N. (eds.) Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), 9-13 July 2002, pp. 3–10. Morgan Kaufmann Publishers, San Francisco (2002)
Farmer, J.D., Packard, N.H., Perelson, A.S.: The immune system, adaptation, and machine learning. Physica D 22, 187–204 (1986)
Harmer, P., Williams, G., Gnusch, P.D., Lamont, G.: An Artificial Immune System Architecture for Computer Security Applications. IEEE Transactions on Evolutionary Computation 6(3), 252–280 (2002)
Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-Nonself Discrimination in a computer. In: Proceeding of IEEE Symposium on Research in Security and Privacy, pp. 202–212. IEEE Computer Society Press, Los Alamitos (1994)
Helman, P., Forrest, S.: An efficient algorithm for generating random antibody strings, Technical Report CS-94-07, The University of New Mexico, Albuquerque, NM (1994)
D’haeseleer, P., Forrest, S., Helman, P.: An immunological approach to change detection: algorithms, analysis and implications. In: McHugh, J., Dinolt, G. (eds.) Proceedings of the 1996 IEEE Symposium on Computer Security and Privacy, USA, pp. 110–119. IEEE Press, Los Alamitos (1996)
D’haeseleer, P.: Further efficient algorithms for generating antibody strings, Technical Report CS95-3, The University of New Mexico, Albuquerque, NM (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tao, C., ShiGuang, J., Wei, Z., DeJiao, N. (2009). Random r-Continuous Matching Rule for Immune-Based Secure Storage System. In: Corchado, E., Zunino, R., Gastaldo, P., Herrero, Á. (eds) Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08. Advances in Soft Computing, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88181-0_38
Download citation
DOI: https://doi.org/10.1007/978-3-540-88181-0_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88180-3
Online ISBN: 978-3-540-88181-0
eBook Packages: EngineeringEngineering (R0)