DOI: 10.1145/945445.945452

Decentralized user authentication in a global file system

Published: 19 October 2003

ABSTRACT

The challenge for user authentication in a global file system is allowing people to grant access to specific users and groups in remote administrative domains, without assuming any kind of pre-existing administrative relationship. The traditional approach to user authentication across administrative domains is for users to prove their identities through a chain of certificates. Certificates allow for general forms of delegation, but they often require more infrastructure than is necessary to support a network file system.

This paper introduces an approach without certificates. Local authentication servers pre-fetch and cache remote user and group definitions from remote authentication servers. During a file access, an authentication server can establish identities for users based just on local information. This approach is particularly well-suited to file systems, and it provides a simple and intuitive interface that is similar to those found in local access control mechanisms. An implementation of the authentication server and a file server supporting access control lists demonstrate the viability of this design in the context of the Self-certifying File System (SFS). Experiments demonstrate that the authentication server can scale to groups with tens of thousands of members.


Published in

SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles
October 2003, 338 pages
ISBN: 1581137575
DOI: 10.1145/945445

ACM SIGOPS Operating Systems Review, Volume 37, Issue 5 (SOSP '03)
December 2003, 329 pages
ISSN: 0163-5980
DOI: 10.1145/1165389

Copyright © 2003 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Qualifiers: Article

Acceptance Rates

SOSP '03 Paper Acceptance Rate: 22 of 128 submissions, 17%
Overall Acceptance Rate: 131 of 716 submissions, 18%
