Decentralized user authentication in a global file system

Authors:
Michael Kaminsky;George Savvides;David Mazieres;M. Frans Kaashoek
Affiliations:
MIT Computer Science and Artificial Intelligence Laboratory;McGill University School of Computer Science;NYU Department of Computer Science;MIT Computer Science and Artificial Intelligence Laboratory
Venue:
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Year:
2003

Citing 15
Cited 14

Scale and performance in a distributed file system

ACM Transactions on Computer Systems (TOCS)
The design and implementation of a log-structured file system

SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system

ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
PGP source code and internals

PGP source code and internals
A security architecture for computational grids

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Separating key management from file system security

Proceedings of the seventeenth ACM symposium on Operating systems principles
Grapevine: an exercise in distributed computing

Communications of the ACM
OceanStore: an architecture for global-scale persistent storage

ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
LegionFS: a secure and scalable file system supporting cross-domain high-performance applications

Proceedings of the 2001 ACM/IEEE conference on Supercomputing
A National-Scale Authentication Infrastructure

Computer
Operating system services for wide-area applications

Operating system services for wide-area applications
Farsite: federated, available, and reliable storage for an incompletely trusted environment

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Capability file names: separating authorisation from user management in an internet file system

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SSH: secure login connections over the internet

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Securing distributed storage: challenges, techniques, and systems

Proceedings of the 2005 ACM workshop on Storage security and survivability
Access control to people location information

ACM Transactions on Information and System Security (TISSEC)
The Trellis security infrastructure for overlay metacomputers and bridged distributed file systems

Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Authorizing applications in singularity

Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
A user-level secure grid file system

Proceedings of the 2007 ACM/IEEE conference on Supercomputing
A nine year study of file system and storage benchmarking

ACM Transactions on Storage (TOS)
Decentralized access control in distributed file systems

ACM Computing Surveys (CSUR)
Access control for federation of Emulab-based network testbeds

CSET'08 Proceedings of the conference on Cyber security experimentation and test
Cacheable Decentralized Groups for Grid Resource Access Control

GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Heat-ray: combating identity snowball attacks using machinelearning, combinatorial optimization and attack graphs

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Practical protection for personal storage in the cloud

Proceedings of the Third European Workshop on System Security
LoKey: leveraging the SMS network in decentralized, end-to-end trust establishment

PERVASIVE'06 Proceedings of the 4th international conference on Pervasive Computing
Modular software upgrades for distributed systems

ECOOP'06 Proceedings of the 20th European conference on Object-Oriented Programming
Nephele: Scalable Access Control for Federated File Services

Journal of Grid Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The challenge for user authentication in a global file system is allowing people to grant access to specific users and groups in remote administrative domains, without assuming any kind of pre-existing administrative relationship. The traditional approach to user authentication across administrative domains is for users to prove their identities through a chain of certificates. Certificates allow for general forms of delegation, but they often require more infrastructure than is necessary to support a network file system.This paper introduces an approach without certificates. Local authentication servers pre-fetch and cache remote user and group definitions from remote authentication servers. During a file access, an authentication server can establish identities for users based just on local information. This approach is particularly well-suited to file systems, and it provides a simple and intuitive interface that is similar to those found in local access control mechanisms. An implementation of the authentication server and a file server supporting access control lists demonstrate the viability of this design in the context of the Self-certifying File System (SFS). Experiments demonstrate that the authentication server can scale to groups with tens of thousands of members.