DSFS: Decentralized security for large parallel file systems

Author

Niu, Zhongying ; Hong Jiang ; Ke Zhou ; Feng, Dan ; Zhang, Shuping ; Yang, Tianming ; Lei, Dongliang ; Chen, Anli

Author_Institution

Coll. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China

fYear

2010

fDate

25-28 Oct. 2010

Firstpage

209

Lastpage

216

Abstract

This paper describes DSFS, a decentralized security system for large parallel file system. DSFS stores global access control lists (ACLs) in a centralized decision-making server and pushes pre-authorization lists (PALs) into storage devices. Thus DSFS allows users to flexibly set any access control policy for the global ACL or even change the global ACL system without having to upgrade the security code in their storage devices. With pre-authorization lists, DSFS enables a network-attached storage device to immediately authorize I/O, instead of demanding a client to acquire an authorization from a centralized authorization server at a crucial time. The client needs to acquire only an identity key from an authentication server to access any devices she wants. Experimental results show that DSFS achieves higher performance and scalability than traditional capability-based security protocols.

Keywords

authorisation; client-server systems; file organisation; file servers; centralized authorization server; centralized decision-making server; decentralized security; global access control lists; identity key; large parallel file systems; network-attached storage device; pre-authorization lists; security code; security protocols; Authentication; Authorization; Electronic mail; Protocols; Servers; decentralized access control; object storage; parallel file system; pre-authorization list;

fLanguage

English

Publisher

ieee

Conference_Titel

Grid Computing (GRID), 2010 11th IEEE/ACM International Conference on

Conference_Location

Brussels

Print_ISBN

978-1-4244-9347-0

Type

conf

DOI

10.1109/GRID.2010.5697947

Filename

5697947