The OSD Security Protocol

Authors:
Michael Factor;David Nagle;Dalit Naor;Erik Riedel;Julian Satran
Affiliations:
IBM Haifa Research Lab, Israel;Panasas, USA;IBM Haifa Research Lab, Israel;Seagate Research, USA;IBM Haifa Research Lab, Israel
Venue:
SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
Year:
2005

Citing 0
Cited 8

Scalable security for large, high performance storage systems

Proceedings of the second ACM workshop on Storage security and survivability
Scalable security for petascale parallel file systems

Proceedings of the 2007 ACM/IEEE conference on Supercomputing
Integrating parallel file systems with object-based storage devices

Proceedings of the 2007 ACM/IEEE conference on Supercomputing
The ANSI T10 object-based storage standard and current implementations

IBM Journal of Research and Development
Implementation of OSD security framework and credential cache

GPC'07 Proceedings of the 2nd international conference on Advances in grid and pervasive computing
Scalable I/O - a well-architected way to do scalable, secure and virtualized I/O

WIOV'08 Proceedings of the First conference on I/O virtualization
Key management for large-scale distributed storage systems

EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Security enhancement and performance evaluation of an object-based storage system

HPCC'07 Proceedings of the Third international conference on High Performance Computing and Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

The ANSI T10 Object-based Storage Devices (OSD) Standard is a new standard. It evolves the storage interface from fixed size blocks to variable size objects and includes an integrated security protocol that protects storage. This paper presents the requirements, the design tradeoffs, and the final security protocol as defined in the standard. The resulting protocol is based on a secure capability-based model, enabling fine-grained access control that protects both the entire storage device and individual objects from unauthorized access. The protocol defines three methods of security based on the applications' requirements. Furthermore, the protocol's key management algorithm allows keys to be changed quickly, without disrupting normal operations. Finally, the protocol is currently being enhanced for version 2.0 of the ANSI T10 OSD standard; future extensions will include data-encryption and access-control on sections of storage objects.