Block-Level Security for Network-Attached Disks

Authors: Chandramohan A. Thekkath, Mark Lillibridge, Erwin Oertli, Timothy Mann, Minwen Ji

Abstract: We propose a practical and efficient method for adding security to network-attached disks (NADs). In contrast to previous work, our design requires no changes to the data layout on disk, minimal changes to existing NADs, and only small changes to the standard protocol for accessing remote block-based devices. Thus, NAD file systems and storage-management software could incorporate our scheme very easily. Our design enforces security using the well-known idea of self-describing capabilities, with two novel features that limit the need for memory on secure NADs: a scheme to manage revocations based on capability groups, and replay detection using Bloom filters. We have implemented a prototype system, called Snapdragon, that incorporates our ideas. We evaluated Snapdragon's performance and scalability. The overhead of access control is small: latency for reads and writes increases by less than 0.5 ms (5%), while bandwidth decreases by up to 16%. The aggregate throughput scales linearly with the number of NADs (up to 7 in our experiments).
