|
 ABSTRACT
New designs for petabyte-scale storage systems are now capable of transferring hundreds of gigabytes of data per second, but lack strong security. We propose a scalable and efficient protocol for security in high performance, object-based storage systems that reduces protocol overhead and eliminates bottlenecks, thus increasing performance without sacrificing security primitives. Our protocol enforces security using cryptographically secure capabilities, with three novel features that make them ideal for high performance workloads: a scheme for managing coarse grained capabilities, methods for describing client and file groups, and strict security control through capability lifetime extensions. By reducing the number of unique capabilities that must be generated, metadata server load is reduced. Combining and caching client verifications reduces client latencies and workload because metadata and data requests are more frequently serviced by cached capabilities. Strict access control is handled quickly and efficiently through short-lived capabilities and lifetime extensions.We have implemented a prototype of our security protocol and evaluated its performance and scalability using a high performance file system workload. Our numbers demonstrate the ability of our protocol to drastically reduce client security latency to nearly zero. Additionally, our approach improves MDS performance considerably, serving over 99% of all file access requests with cached capabilities. OSD scalability is greatly improved; our solution requires 95 times fewer capability verifications than previous solutions.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Marcos K. Aguilera , Minwen Ji , Mark Lillibridge , John MacCormick , Erwin Oertli , Dave Andersen , Mike Burrows , Timothy Mann , Chandramohan A. Thekkath, Block-Level Security for Network-Attached Disks, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
|
| |
2
|
Amer, A., Long, D.D.E., Pâris, J.-F., and Burns, R.C. File access prediction with adjustable accuracy. In Proceedings of the International Performance Conference on Computers and Communication (IPCCC '02) (Phoenix,Apr.2002), IEEE.
|
| |
3
|
Alain Azagury , Ran Canetti , Michael Factor , Shai Halevi , Ealan Henis , Dalit Naor , Noam Rinetzky , Ohad Rodeh , Julian Satran, A Two Layered Approach for Securing an Object Store Network, Proceedings of the First International IEEE Security in Storage Workshop, p.10, December 11-11, 2002
|
| |
4
|
Braam, P.J. The Lustre storage architecture. http://www.lustre.org/documentation.html,Cluster File Systems, Inc., Aug. 2004.
|
| |
5
|
|
 |
6
|
Garth A. Gibson , David F. Nagle , Khalil Amiri , Jeff Butler , Fay W. Chang , Howard Gobioff , Charles Hardin , Erik Riedel , David Rochberg , Jim Zelenka, A cost-effective, high-bandwidth storage architecture, Proceedings of the eighth international conference on Architectural support for programming languages and operating systems, p.92-103, October 02-07, 1998, San Jose, California, United States
|
| |
7
|
|
| |
8
|
|
| |
9
|
Oldfield, R.A., Maccabe, A.B., Arunagiri, S., Kordenbrock, T., Riesen, R., Ward, L., and Widener, P. Lightweight I/O for scientific applications. Tech. rep., Sandia National Laboratories, SAND2006-3057, May 2006.
|
| |
10
|
|
| |
11
|
Panasas. http://www.panasas.com.
|
| |
12
|
|
| |
13
|
Schwan, P. Lustre: Building a file system for 1000-node clusters. In Proceedings of the 2003 Linux Symposium (July 2003).
|
| |
14
|
Aameek Singh , Sandeep Gopisetty , Linda Duyanovich , Kaladhar Voruganti , David Pease , Ling Liu, Security vs Performance: Tradeoffs using a Trust Framework, Proceedings of the 22nd IEEE / 13th NASA Goddard Conference on Mass Storage Systems and Technologies (MSST'05), p.270-277, April 11-14, 2005
[doi> 10.1109/MSST.2005.31]
|
| |
15
|
Wang, F., Xin, Q., Hong, B., Brandt, S.A., Miller, E.L., Long, D.D.E., and McLarty, T.T. File system workload analysis for large scale scientific computing applications. In Proceedings of the 21st IEEE/12th NASA Goddard Conference on Mass Storage Systems and Technologies (College Park,MD, Apr. 2004), pp. 139--152.
|
| |
16
|
Weil, S.A., Brandt, S.A., Miller, E.L., Long, D.D.E., and Maltzahn, C. Ceph: A scalable, high-performance distributed file system. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI) (Seattle, WA, Nov. 2006).
|
| |
17
|
Weil, S.A., Brandt, S.A., Miller, E.L., and Maltzahn, C. CRUSH: Controlled, scalable, decentralized placement of replicated data. In Proceedings of the 2006 ACM/IEEE Conference on Supercomputing (SC '06) (Tampa, FL, Nov. 2006), ACM.
|
CITED BY 3
|
|
|
|
|
Sage A. Weil , Scott A. Brandt , Ethan L. Miller , Darrell D. E. Long , Carlos Maltzahn, Ceph: a scalable, high-performance distributed file system, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
C.4