Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
The design and implementation of a log-structured file system
SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
PGP source code and internals
A security architecture for computational grids
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
Grapevine: an exercise in distributed computing
Communications of the ACM
OceanStore: an architecture for global-scale persistent storage
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
LegionFS: a secure and scalable file system supporting cross-domain high-performance applications
Proceedings of the 2001 ACM/IEEE conference on Supercomputing
Operating system services for wide-area applications
Operating system services for wide-area applications
Farsite: federated, available, and reliable storage for an incompletely trusted environment
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
Capability file names: separating authorisation from user management in an internet file system
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Securing distributed storage: challenges, techniques, and systems
Proceedings of the 2005 ACM workshop on Storage security and survivability
Access control to people location information
ACM Transactions on Information and System Security (TISSEC)
The Trellis security infrastructure for overlay metacomputers and bridged distributed file systems
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Authorizing applications in singularity
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
A user-level secure grid file system
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
A nine year study of file system and storage benchmarking
ACM Transactions on Storage (TOS)
Decentralized access control in distributed file systems
ACM Computing Surveys (CSUR)
Access control for federation of Emulab-based network testbeds
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Cacheable Decentralized Groups for Grid Resource Access Control
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Practical protection for personal storage in the cloud
Proceedings of the Third European Workshop on System Security
LoKey: leveraging the SMS network in decentralized, end-to-end trust establishment
PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Modular software upgrades for distributed systems
ECOOP'06 Proceedings of the 20th European conference on Object-Oriented Programming
Nephele: Scalable Access Control for Federated File Services
Journal of Grid Computing
The challenge for user authentication in a global file system is allowing people to grant access to specific users and groups in remote administrative domains, without assuming any kind of pre-existing administrative relationship. The traditional approach to user authentication across administrative domains is for users to prove their identities through a chain of certificates. Certificates allow for general forms of delegation, but they often require more infrastructure than is necessary to support a network file system.

This paper introduces an approach without certificates. Local authentication servers pre-fetch and cache remote user and group definitions from remote authentication servers. During a file access, an authentication server can establish identities for users based just on local information. This approach is particularly well-suited to file systems, and it provides a simple and intuitive interface that is similar to those found in local access control mechanisms. An implementation of the authentication server and a file server supporting access control lists demonstrate the viability of this design in the context of the Self-certifying File System (SFS). Experiments demonstrate that the authentication server can scale to groups with tens of thousands of members.