Petascale, high-performance file systems often hold sensitive data and thus require security, but authentication and authorization can dramatically reduce performance. Existing security solutions perform poorly in these environments because they cannot scale with the number of nodes, highly distributed data, and demanding workloads. To address these issues, we developed Maat, a security protocol designed to provide strong, scalable security to these systems. Maat introduces three new techniques. Extended Capabilities limit the number of capabilities needed by allowing a single capability to authorize I/O for any number of client-file pairs. Automatic Revocation uses short capability lifetimes so that capability expiration acts as global revocation, while still allowing capabilities that have not been revoked to be renewed. Secure Delegation allows clients to securely act on behalf of a group to open files and distribute access, facilitating secure joint computations. Experiments on the Maat prototype in the Ceph petascale file system show an overhead of as little as 6-7%.
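The sketch below illustrates two of the ideas in the abstract, one capability covering many client-file pairs and expiry acting as revocation with renewal only for non-revoked holders. It is an added example, not Maat's protocol, message format, or code. It assumes an HMAC key shared by the issuer and the storage nodes as a stand-in for whatever cryptography Maat uses, a 300-second lifetime, and hypothetical function names (`issue`, `authorize`, `renew`).

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: shared by issuer and storage nodes
LIFETIME = 300                 # assumption: capability lifetime in seconds


def _tag(body):
    # Canonical JSON so issuer and verifier MAC exactly the same bytes.
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def issue(clients, files, mode, now):
    # One capability authorizes every (client, file) pair in clients x files.
    body = {"clients": sorted(clients), "files": sorted(files),
            "mode": mode, "expires": now + LIFETIME}
    return {"body": body, "tag": _tag(body)}


def authorize(cap, client, file, mode, now):
    # Storage-node check: integrity, expiry, membership. No revocation list
    # is consulted; an expired capability is simply refused.
    b = cap["body"]
    if not hmac.compare_digest(cap["tag"], _tag(b)):
        return False
    if now >= b["expires"]:
        return False
    return client in b["clients"] and file in b["files"] and mode == b["mode"]


def renew(cap, revoked, now):
    # Issuer-side renewal: only an authentic, unexpired capability is renewed,
    # and revoked clients are dropped. Their access ends when the old
    # capability expires, without contacting any storage node.
    b = cap["body"]
    if not hmac.compare_digest(cap["tag"], _tag(b)) or now >= b["expires"]:
        return None
    remaining = [c for c in b["clients"] if c not in revoked]
    if not remaining:
        return None
    return issue(remaining, b["files"], b["mode"], now)
```

The revocation latency in this sketch is bounded by `LIFETIME`: a revoked client keeps access until its current capability expires, which is the trade-off that short lifetimes are meant to keep small.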