distributed file systems security anonymous access
play

Distributed File Systems Security: Anonymous access all files - PDF document

Dec 15, 2022 •9 likes •89 views

6/6/2017 Distributed File Systems Security: Anonymous access all files available to all users 14B. Remote Data: Security no authentication required may be limited to read-only access 14C. Remote Data: Reliability & Robustness

  1. 6/6/2017 Distributed File Systems Security: Anonymous access • all files available to all users 14B. Remote Data: Security – no authentication required – may be limited to read-only access 14C. Remote Data: Reliability & Robustness – examples: anonymous FTP, HTTP 14D. Remote Data: Performance • advantages 14E. Remote Data: Consistency – simple implementation 14F. Distributes Systems: Scalability • disadvantages – incapable of providing information privacy – write access often managed by other means Distributed Data - Performance, Robustness, Consistency 1 Distributed Data - Performance, Robustness, Consistency 2 Peer-to-Peer Security Server Authenticated Sessions • client-side authentication/authorization • client agent authenticates to each server – all users are known to all systems – session authorization based on those credentials – all systems are trusted to enforce access control – example: CIFS, authenticated HTTPS sessions – example: basic NFS • advantages • advantages – simple implementation – simple implementation • limitations • disadvantages – assumes all client systems can be trusted – may not work in heterogeneous OS environment – assumes all users are known to all systems – universal user registry is not scalable • UID mapping between heterogeneous OSs – no automatic fail-over if server dies • efficiency /scalability of universal user registries Distributed Data - Performance, Robustness, Consistency 3 Distributed Data - Performance, Robustness, Consistency 4 Domain Authentication Service example: KERBEROS • establishes secure client/server sessions • independent authentication of client & server • based on digital signatures – each authenticates with authentication service – every agent has a secret (symmetric) key – keys are known only to agent, and KERBEROS – each knows/trusts only the authentication service • request to KERBEROS encrypted w/client key • authentication service issues signed “tickets” – KERBEROS can decrypt it, authenticating requester – assuring each of the others’ identity and rights • KERBEROS response is two-part work ticket – may be revocable or have a limited life-time – part 1: encrypted with client's key • a symmetric session key • may establish secure two-way session • part 2 (to be forward, by client, to server) – privacy – nobody else can snoop on conversation – part 2: encrypted with server's key • client ID, ticket duration, – integrity – nobody can generate fake messages • symmetric session key Distributed Data - Performance, Robustness, Consistency 5 Distributed Data - Performance, Robustness, Consistency 6 1

  2. 6/6/2017 KERBEROS Work Tickets Distributed Authorization Authentication Client Server • Authentication service returns credentials Service request – which server checks against Access Control List client ID generate session key server ID – advantage: auth service doesn’t know about ACLs expiration time C-ticket S-ticket • Authentication service returns Capabilities session key session key server ID client ID – which server can verify (by signature) expiration time expiration time – advantage: servers do not know about clients encrypt w/server key decrypt w/client key encrypt w/client key decrypt w/server key • Both approaches are commonly used – credentials: if subsequent authorization required subsequent communication encrypted w/symmetric session keys – capabilities: if access can be granted all-at-once – either may have an expiration time Distributed Data - Performance, Robustness, Consistency 7 Distributed Data - Performance, Robustness, Consistency 8 Robustness: Embracing Failure Reliability and Availability • Failures are inevitable • Reliability … probability of not losing data – more components have more failures – disk/server failures to not result in data loss • RAID (mirroring, parity, erasure coding) – complex systems have more modes of failure • copies on multiple servers – we cannot build perfect components or systems – automatic recovery (of redundancy) after failure • We must build robust systems • Availability … fraction of time service available – additional capacity to survive failures – disk/server failures do not impact data availability – automatic failure detection • backup servers with automatic fail-over – dynamically adapt to the new reality – automatic recovery (back up to date) after rejoin – continue service, despite component failures Distributed Data - Performance, Robustness, Consistency 9 Distributed Data - Performance, Robustness, Consistency 10 Problems and Solutions Availability: Fail-Over • Network Errors – support client retries • data must be mirrored to secondary server – RFS protocol uses idempotent requests • failure of primary server must be detected – RFS protocol supports all-or-none transactions • client must be failed-over to secondary • Client Failures – support server-side recovery – automatic back-out of uncommitted transactions • session state must be reestablished – automatic expiration of timed out lock leases – client authentication/credentials • Server Failures – support server fail-over – session parameters (e.g. working directory, offset) – replicated (parallel or back-up) servers • in-progress operations must be retransmitted – stateless RFS protocols – client must expect timeouts, retransmit requests – automatic client-server rebinding – client responsible for writes until server ACKs Distributed Data - Performance, Robustness, Consistency 11 Distributed Data - Performance, Robustness, Consistency 12 2

  3. 6/6/2017 Reliability: Data Mirroring Availability: Failure Detect/Rebind • client driven recovery secondary – client detects server failure (connection error) – client reconnects to (successor) server Back-side Mirroring client primary – client reestablishes session secondary • transparent failure recovery – system detects server failure (health monitoring) secondary – successor assumes primary’s IP address Front-side Mirroring – state reestablishment client primary • successor recovers last primary state check-point • stateless protocol secondary Distributed Data - Performance, Robustness, Consistency 13 Distributed Data - Performance, Robustness, Consistency 14 Availability: Stateless Protocols Availability: Idempotent Operations • a statefull protocol (e.g. TCP) • can be repeated many times with same effect – operations occur within a context – read block 100 of file X – each operation depends on previous operations – write block 100 of file X with contents Y – delete file X version 3 – successor server must remember session state – non-idempotent operations • a stateless protocol (e.g. HTTP) • read next block of current file – client supplies necessary context w/each request • append contents Y to end of file X • if client gets no response, resend request – each operation is complete and unambiguous – if server gets multiple requests, no harm done – successor server has no memory of past events – works for server failure, lost request, lost response • stateless protocols make fail-over easy • but no ACK does not mean operation did not happen Distributed Data - Performance, Robustness, Consistency 15 Distributed Data - Performance, Robustness, Consistency 16 (nearly) Stateless Protocols Performance Challenges • single client response-time • client can maintain the session state – remote requests involve messages and delays – e.g. file handles and current offsets – error detection/recovery further reduces efficiency • aggregate bandwidth • write operations can be made idempotent A 3 – each client puts message processing load on server – e.g. associate a client XID with each write – each client puts disk throughput load on server • idempotence doesn’t solve multi-writer races – each message loads server NIC and network • WAN scale operation – competing writers must serialize their updates A 4 – where bandwidth is limited and latency is high – clients cannot be trusted to maintain lock state • aggregate capacity • we need a state-full Distributed Lock Manager – how to transparently grow existing file systems – for whom failure recovery is extremely complex Distributed Data - Performance, Robustness, Consistency 17 Distributed Data - Performance, Robustness, Consistency 18 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed File Systems Security: Anonymous access all files available to all users 14B.

Distributed File Systems Security: Anonymous access all files available to all users 14B.

5/30/2018 Distributed File Systems Security: Anonymous access all files available to all users 14B. Remote Data Access: Security no authentication required may be limited to read-only access 14C. Remote Data: Robustness examples:

391 views • 9 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Distributed-File Systems Background Naming and Transparency Remote File Access

Distributed-File Systems Background Naming and Transparency Remote File Access

Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Typeset by Foil T EX 1 Background Distributed file system (DFS)

1.1k views • 73 slides
Distributed File Systems 14A. Remote Data Access: Architectures Operating Systems Principles

Distributed File Systems 14A. Remote Data Access: Architectures Operating Systems Principles

5/25/2016 Distributed File Systems 14A. Remote Data Access: Architectures Operating Systems Principles 14B. Remote Data Access: Security 14C. Remote Data Access: Reliability Distributed File Systems 14D. Remote Data Access: Performance 14E.

321 views • 8 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Operating System Concepts Silberschatz, Galvin and Gagne 2002

168 views • 12 slides
Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Silberschatz, Galvin, and Gagne 1999 Applied Operating System

1.3k views • 29 slides
Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File

Module 17: Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Silberschatz, Galvin, and Gagne 1999 Applied Operating System

726 views • 58 slides
Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File

Chapter 16 Distributed-File Systems Background Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication Example Systems Operating System Concepts 16.1 Silberschatz, Galvin and Gagne

277 views • 24 slides
NFS Heterogeneous systems must be supported Different HW, OS, underlying file system

NFS Heterogeneous systems must be supported Different HW, OS, underlying file system

Distributed File Systems Distributed Systems Case Studies NFS AFS CODA DFS SMB CIFS Distributed File Systems Dfs WebDAV GFS Gmail -FS ? xFS Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted,

430 views • 19 slides
Silberschatz and Galvin Chapter 17 Distributed File Systems CPSC 410--Richard Furuta 4/15/99 1

Silberschatz and Galvin Chapter 17 Distributed File Systems CPSC 410--Richard Furuta 4/15/99 1

Silberschatz and Galvin Chapter 17 Distributed File Systems CPSC 410--Richard Furuta 4/15/99 1 Distributed File Systems Naming and Transparency Remote File Access Stateful versus Stateless Service File Replication CPSC

178 views • 16 slides
Distributed File Systems Issues in Distributed File Service Case Studies: Sun

Distributed File Systems Issues in Distributed File Service Case Studies: Sun

CPSC-662 Distributed Computing Distributed File Systems Distributed File Systems Issues in Distributed File Service Case Studies: Sun Network File System Coda File System Web Reading: Coulouris: Distributed

318 views • 12 slides
Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems Data is distributed among many sources Ex. Distributed database systems Frequently utilize a centralized lookup server for addressing

500 views • 15 slides
Distributed File Systems Accessing files FTP, telnet Explicit access User-directed

Distributed File Systems Accessing files FTP, telnet Explicit access User-directed

Distributed File Systems Accessing files FTP, telnet Explicit access User-directed connection to access remote resources We want more transparency Allow user to access remote resources just as local ones Focus on file system for

1k views • 66 slides
Distributed Systems Distributed File Systems Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Distributed File Systems Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Distributed File Systems Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Distributed File

1.56k views • 109 slides
The Question of the Day: Presented by Alan Chandler, Chartered Insurer Alan Chandler Training

The Question of the Day: Presented by Alan Chandler, Chartered Insurer Alan Chandler Training

The Question of the Day: Presented by Alan Chandler, Chartered Insurer Alan Chandler Training Does my Business Interruption policy E Mail alanchandler@uwclub.net cover Covid-19 ? Alan lan Chan andle ler, Char artered In Insu surer e

781 views • 32 slides
NJ Department of Human Services Office of Program Integrity and Accountability COVID-19 Response

NJ Department of Human Services Office of Program Integrity and Accountability COVID-19 Response

NJ Department of Human Services Office of Program Integrity and Accountability COVID-19 Response Date: 03-30-2020 Topic: Incident Reporting The Department of Human Services (DHS) continues to implement efforts to safeguard the health, safety

77 views • 3 slides
National Data Storage National Data Storage - g - architecture and mechanisms architecture and

National Data Storage National Data Storage - g - architecture and mechanisms architecture and

National Data Storage National Data Storage - g - architecture and mechanisms architecture and mechanisms Micha Jankowski Maciej Brze niak PSNC A Agenda d Introduction Assumptions Assumptions Architecture Main

696 views • 32 slides
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science Room R4.20, steen@cs.vu.nl Chapter 07: Consistency & Replication Version: November 26, 2012 Consistency & Replication Consistency

650 views • 41 slides
MEMBER COMPLIANCE ASSISTANCE WORKSHOP January 29, 2019 Kings River Water Quality Coalition

MEMBER COMPLIANCE ASSISTANCE WORKSHOP January 29, 2019 Kings River Water Quality Coalition

MEMBER COMPLIANCE ASSISTANCE WORKSHOP January 29, 2019 Kings River Water Quality Coalition TODAYS AGENDA Welcome and Overview Barriers to Adoption Study Results Upcoming Changes to General Orders Member Obligations for 2018

780 views • 62 slides
Academic conduct: truth in reporting and conflict of interest By Diala Lteif, William Frazer and

Academic conduct: truth in reporting and conflict of interest By Diala Lteif, William Frazer and

Academic conduct: truth in reporting and conflict of interest By Diala Lteif, William Frazer and Bassel El Mabsout Sections 1. Honest Data 2. Conflict of Interest 3. Plagiarism 4. Allocation of credit 5. Data Privacy 6. Handling

354 views • 23 slides
Todays Event :Todays webinar: Reporting during and after Covid-19 less is more? The

Todays Event :Todays webinar: Reporting during and after Covid-19 less is more? The

Todays Event :Todays webinar: Reporting during and after Covid-19 less is more? The virtual event will be starting shortly, at 08:30 We recommend you join with computer audio for the best sound quality. This is an interactive

321 views • 9 slides
HMIS Training Series Summer 2015 For: HMIS System Administrators Part 2 Reporting from HMIS

HMIS Training Series Summer 2015 For: HMIS System Administrators Part 2 Reporting from HMIS

HMIS Training Series Summer 2015 For: HMIS System Administrators Part 2 Reporting from HMIS AUGUST 2015 2 All content has been approved by: U.S. Department of Housing and Urban Development Office of Special Needs Assistance Programs

445 views • 17 slides

More recommend