Recently, the Network-Attached Secure Disk (NASD) model has become a more widely used technique for constructing large-scale storage systems. However, the security system proposed for NASD assumes that each client will contact the server to get a capability to access one object on a server. While this approach works well in smaller-scale systems in which each file is composed of a few objects, it fails for large-scale systems in which thousands of clients make accesses to a single file composed of thousands of objects spread across thousands of disks. The file system we are building, Ceph, distributes files across many objects and disks to distribute load and improve reliability. In such a system, the metadata server cluster will sometimes see thousands of open requests for the same file within seconds. To address this bottleneck, we propose new authentication protocols for object-based storage systems in which a sequence of fixed-size objects comprises a file and flash crowds are likely. We qualitatively evaluated the security and risks of each protocol, and, using traces of a scientific application, compared the overhead of each protocol. We found that, surprisingly, a protocol using public key cryptography incurred little extra cost while providing greater security than a protocol using only symmetric key cryptography.