ABSTRACT
The challenge for user authentication in a global file system is allowing people to grant access to specific users and groups in remote administrative domains, without assuming any kind of pre-existing administrative relationship. The traditional approach to user authentication across administrative domains is for users to prove their identities through a chain of certificates. Certificates allow for general forms of delegation, but they often require more infrastructure than is necessary to support a network file system.

This paper introduces an approach without certificates. Local authentication servers pre-fetch and cache remote user and group definitions from remote authentication servers. During a file access, an authentication server can establish identities for users based just on local information. This approach is particularly well-suited to file systems, and it provides a simple and intuitive interface that is similar to those found in local access control mechanisms. An implementation of the authentication server and a file server supporting access control lists demonstrate the viability of this design in the context of the Self-certifying File System (SFS). Experiments demonstrate that the authentication server can scale to groups with tens of thousands of members.
Decentralized user authentication in a global file system (SOSP '03)