The ANSI T10 Object-based Storage Devices (OSD) Standard is a new standard. It evolves the storage interface from fixed-size blocks to variable-size objects and includes an integrated security protocol that protects storage. This paper presents the requirements, the design tradeoffs, and the final security protocol as defined in the standard. The resulting protocol is based on a secure capability-based model, enabling fine-grained access control that protects both the entire storage device and individual objects from unauthorized access. The protocol defines three methods of security based on the applications' requirements. Furthermore, the protocol's key management algorithm allows keys to be changed quickly, without disrupting normal operations. Finally, the protocol is currently being enhanced for version 2.0 of the ANSI T10 OSD standard; future extensions will include data encryption and access control on sections of storage objects.