Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
File server scaling with network-attached secure disks
SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Linux Journal
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Authenticating Network-Attached Storage
IEEE Micro
Architecture of the Secure File System
MSS '01 Proceedings of the Eighteenth IEEE Symposium on Mass Storage Systems and Technologies
A Two Layered Approach for Securing an Object Store Network
SISW '02 Proceedings of the First International IEEE Security in Storage Workshop
Security Considerations When Designing a Distributed File System Using Object Storage Devices
SISW '02 Proceedings of the First International IEEE Security in Storage Workshop
Security for a high performance commodity storage subsystem
Security for a high performance commodity storage subsystem
A universal access smart-card-based secure file system
ALS'99 Proceedings of the 3rd annual conference on Atlanta Linux Showcase - Volume 3
An update-aware storage system for low-locality update-intensive workloads
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
| Hi-index | 0.00 |
Network-attached object-based storage separatesdata-path from control-path and enables directinteraction between clients and the storage devices.Clients interact with the file manager only toacquire the meta-data information and some cryptographicprimitives, for example, access keys. Most ofthe current schemes rely on a centralized file managerto support these activities.This paper presents security mechanisms for decentralizedauthentication for object-based storage. Theschemes are novel in several ways. First of all, they reducethe load on the file manager and free the systemfrom central point of failure and denial of service attacks.We exploit Role-based Access Control (RBAC) toprovide scalability and design authentication schemesthat efficiently utilize RBAC. In most of the cases, theclient needs to acquire only one access key from thefile manager, which can be used by the client to furtherderive role-keys for the roles that he/she is permittedto play within an organization. Further, the numberof cryptographic keys required for the purpose of authenticationin these schemes is less as compared to theexisting schemes. Finally, we also present two simpleschemes that enable the clients to access objects storedon any device on the network using a single identity key.