Author Institution :
Cornell Univ., Ithaca, NY, USA
Abstract :
The author discusses the origins of the distribution topology of the IEEE Mass Storage System Reference Model, how it affects security, and the methods that can be used to provide secure resource access. He also shows how certain security considerations emphasize the importance of particular Model-defined services and impose architectural constraints on those services. It is noted that the model's security problems stem from the client-centric distribution of various Model functions. These problems are heightened in Version 5 of the Model, in which any Model component is allowed to be distributed in a client-centric manner. While a distributed security scheme can provide an appropriate security environment, the relationships between Model components must be fully defined before any particular scheme can be recommended. Furthermore, it is critical that the correct authorization agents be identified with security, usability, and performance in mind. It is clear that, in certain cases, the Name Server becomes an important, if not focal, authorization agent. The challenge is to define a security protocol appropriate to the Model, as opposed to modifying the Model to fit current security schemes.
Keywords :
protocols; security of data; storage management; IEEE Mass Storage System Reference Model; Version 5; architectural constraints; client-centric distribution; performance; security; security protocol; usability; Authentication; Authorization; Blades; File systems; Operating systems; Permission; Power system protection; Power system security; Secure storage; Topology