Using Network Attached Storage in a Secured Distributed File System

Published as Storage Systems Research Center Technical Report UCSC-SSRC-2000-06.

Abstract

Distributed file servers are becoming an important part of the network infrastructure. The increased capacity of disk drives has increased the amount of storage managed by the file server. The number of network clients have increased, as well as the bandwidth and connectivity between the clients and servers. The file server is a bottleneck in the access path between the network client and the data on the disks. To alleviate this bottleneck it has been proposed to directly attach disks to the network, thereby increasing the aggregate network bandwidth to the data and relieving the file server. Attaching disks to the network brings security problems that do not exist when the disk is only attached to the file server. Simply applying existing authentication protocols to network attached storage is not sufficient because of their administrative and computational requirements. We review some of the common means of authentication in use today and their weaknesses when applied to network attached storage. To address these authentication weaknesses, we present an authentication protocol to pro- vide strong authentication guarantees to network attached storage. This protocol avoids the infrastructure and computational overhead of other protocols while still providing strong identity, integrity, and freshness guarantees. To enable the protocol we introduce an object model to permit the correct level of access control to the data stored on the network storage devices. Additional advantages to using an object interface as opposed to a block interface are discussed. We describe a completely distributed file system, which we implemented for Linux, that takes advantage of the authentication protocol and object model. The file system exhibits scalability, manageability, and security features missing in most contemporary file systems. It also illustrates how adding simple object semantics to network storage devices can remove the need for a file server without sacrificing security.

Publication date:
June 2000

Authors:
Benjamin C. Reed

Projects:
Secure File and Storage Systems
Secure Networks

Available media

Full paper text: PDF

Bibtex entry

@techreport{breed-phd00,
  author       = {Benjamin C. Reed},
  title        = {Using Network Attached Storage in a Secured Distributed File System},
  institution  = {University of California, Santa Cruz},
  number       = {UCSC-SSRC-2000-06},
  month        = jun,
  year         = {2000},
}
Last modified 28 May 2019