New designs for petabyte-scale storage systems are now capable of transferring hundreds of gigabytes of data per second, but lack strong security. We propose a scalable and efficient protocol for security in high performance, object-based storage systems that reduces protocol overhead and eliminates bottlenecks, thus increasing performance without sacrificing security primitives. Our protocol enforces security using cryptographically secure capabilities, with three novel features that make them ideal for high performance workloads: a scheme for managing coarse-grained capabilities, methods for describing client and file groups, and strict security control through capability lifetime extensions. By reducing the number of unique capabilities that must be generated, metadata server load is reduced. Combining and caching client verifications reduces client latencies and workload because metadata and data requests are more frequently serviced by cached capabilities. Strict access control is handled quickly and efficiently through short-lived capabilities and lifetime extensions.

We have implemented a prototype of our security protocol and evaluated its performance and scalability using a high performance file system workload. Our numbers demonstrate the ability of our protocol to drastically reduce client security latency to nearly zero. Additionally, our approach improves MDS performance considerably, serving over 99% of all file access requests with cached capabilities. OSD scalability is greatly improved; our solution requires 95 times fewer capability verifications than previous solutions.