Securing access to files is an important and growing concern in corporate environments. Employees are increasingly accessing files from untrusted devices, including personal home computers and mobile devices, such as smart phones, which are not under the control of the corporation, and may be infected with viruses, worms, and other malware. In such cases, it is crucial to protect the confidentiality and integrity of corporate data from malicious accesses. This paper proposes a novel scheme called Working Set-Based Access Control (WSBAC) to restrict network file system accesses from untrusted devices. The key idea is to continuously observe and extract working sets for users when they access files from trusted devices and use the working sets to restrict user file accesses from untrusted devices. This paper reports on the design and implementation of tools to automatically extract working sets, and transparently enforce WSBAC without requiring changes to the file system. Our experiments with realistic network file system traces lead us to conclude that WSBAC offers a flexible yet secure way to restrict access from untrusted devices, and that the runtime overheads of WSBAC enforcement are negligible.