FileWall : Implementing File Access Policies Using Dynamic Access - - PowerPoint PPT Presentation
FileWall: Implementing File Access Policies Using Dynamic Access Context
Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode
DiscoLab, Department of Computer Science, Rutgers University
Workshop on Spontaneous Networking, May 12, 2006
Workshop on Spontaneous Networking
Organization:
  Too many files, directories, servers
Protection:
  Left to the discretion of the owner
Dynamism:
  Cannot be incorporated without file system extension

Administrator has little control over file access policies
File names are powerful:
  Can be used to implement access policies
All file system accesses are performed through messages:
  Message transformations can be used to enforce policies
  File system state can be constructed using information contained in messages

Access policies can be implemented by interposition and message transformation
Firewall:
  Interposes on the client-server path
  Stores network flow history
  Evaluates each message against the firewall policies
  Passes through, drops, or transforms network packets
FileWall:
  Interposes on the client-server path
  Stores file access history
  Evaluates each message against FileWall policies
  Transforms file system messages

FileWall constructs virtual namespaces using file system namespaces and access policies through message transformation
Applications:
  Access control
  Quality of Service (QoS)
  File system organization
  Intrusion detection
  Information Lifecycle Management (ILM)
  Data transformations
Outline:
  Motivation
  Design
    Access Context
    FileWall Policies
  Implementation
  Evaluation
  Related Work
  Conclusions
Access history:
  Access statistics
  Sequence of accesses
  Describes user behavior
Environment:
  Time, available disk space, CPU load, etc.
Requirements:
  Compact representation
  Contains semantic information which describes user behavior
  Easy to understand and specify
  Soft state
Access tree:
  Node = file run
    Group of accesses performed by the same application
    Open to close, or approximated using clustered accesses
  Attributes:
    File name
    Type of run (READ, WRITE, etc.)
    Operation count
  Edge:
    Run started after and ended before the parent run
  Depth-first traversal defines the sequence of runs in an access tree
Figure (animation): an access tree grown step by step under Root, one run per step: Read 1, Create/Delete 2, Read/Write 3, Write 1.
Design: FileWall Policies
FileWall policies:
  Transform messages (requests and replies)
  Sequence of rules: INPUT and OUTPUT
  Use:
    Access context
    File attributes contained in messages
Example policy: show files accessed today
  For each client-visible file: Access Time = TODAY
  Transform directory listing messages: READDIR and READDIRPLUS
Figure (animation): message flow through FileWall. The client's READDIR request M is evaluated against the access context and policies and forwarded to the server as READDIRPLUS; the server's READDIRPLUS reply is filtered by the policy and transformed back into a READDIR reply for the client.
INPUT Rule:

  int fwin(rpc_msg *request) {
      /* Rewrite the client's READDIR into READDIRPLUS so that the reply
         carries per-entry attributes (atime) for the OUTPUT rule to use.
         The message is passed by pointer so the rewrite is visible when
         the request is forwarded. */
      if (request->proc == READDIR) {
          request->proc = READDIRPLUS;
      }
      return FORWARD;   /* every request is forwarded, transformed or not */
  }

OUTPUT Rule:

  int fwout(rpc_msg *reply) {
      if (reply->proc == READDIRPLUS) {
          /* Keep only the entries accessed today, then present the reply
             to the client as the READDIR it originally asked for. */
          FOREACH entp in reply {
              if (entp.atime == TODAY)
                  copy_entry(res_entp, entp);
          }
          reply->entries = res_entp;
          reply->proc = READDIR;
      }
      return FORWARD;
  }

Policies are specified as C programs and compiled as loadable shared modules
Implementation
FileWall:
  Click Modular Router
  NFS over UDP
FileWall Client:
  SFS toolkit
  Session establishment
  Bootstrapping: identify the list of available file systems
Evaluation
General-purpose server:
  Email, user homes, web server
  Files mounted over NFS
Web servers are prone to flash crowds
Current policies:
  Rate limit the number of requests
  Disable the web server
Access context:
  Rate of sequential file reads, directory listings, etc.
Policy:
  Hide files with a rate greater than a threshold
  Show files again when the rate falls below the threshold
Only the source of the flash crowd disappears from the namespace
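The flash-crowd policy above, written as an added example in the INPUT/OUTPUT rule shape of the earlier directory-listing policy; this is illustrative code, not FileWall's own. The per-file timestamp store, the window length, the threshold and the sample file names are assumptions constructed for the example.

```c
/* Added example, not FileWall's own code: the flash-crowd policy as a FileWall
 * style rule pair. Access context = per-file READ timestamps over a sliding
 * window (soft state); the OUTPUT rule drops listing entries whose read rate
 * exceeds THRESHOLD. Struct names, limits and sample data are constructed. */
#include <string.h>
#define MAX_FILES 8
#define MAX_STAMPS 64
#define WINDOW 10        /* seconds of access history per file (assumed) */
#define THRESHOLD 5.0    /* reads per second above which a file is hidden */
typedef struct { char name[32]; long stamps[MAX_STAMPS]; int n; } ctx_entry;
typedef struct { char name[32]; } dir_entry;       /* one READDIRPLUS entry */
static ctx_entry ctx[MAX_FILES];
static int ctx_n;

static ctx_entry *ctx_find(const char *name) {
    for (int i = 0; i < ctx_n; i++)
        if (strcmp(ctx[i].name, name) == 0) return &ctx[i];
    return NULL;
}
/* INPUT side: a READ of `name` at time `now` updates the access context */
void record_read(const char *name, long now) {
    ctx_entry *e = ctx_find(name);
    if (!e) {
        if (ctx_n == MAX_FILES) return;           /* bounded soft state */
        e = &ctx[ctx_n++];
        strncpy(e->name, name, sizeof e->name - 1);
    }
    int keep = 0;                                 /* expire stale stamps */
    for (int i = 0; i < e->n; i++)
        if (now - e->stamps[i] < WINDOW) e->stamps[keep++] = e->stamps[i];
    e->n = keep;
    if (e->n < MAX_STAMPS) e->stamps[e->n++] = now;
}
/* reads per second over the window ending at `now`; unknown files rate 0 */
double read_rate(const char *name, long now) {
    ctx_entry *e = ctx_find(name);
    int recent = 0;
    for (int i = 0; e && i < e->n; i++)
        if (now - e->stamps[i] < WINDOW) recent++;
    return (double)recent / WINDOW;
}

/* OUTPUT rule: rebuild the listing without hot files; returns entries kept */
int filter_listing(const dir_entry *in, int n, dir_entry *out, long now) {
    int kept = 0;
    for (int i = 0; i < n; i++)
        if (read_rate(in[i].name, now) <= THRESHOLD) out[kept++] = in[i];
    return kept;
}
```

Because the rate is recomputed from timestamps that age out of the window, a hidden file reappears on its own once the burst subsides, with no extra state to persist.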
Related work:
  Infokernel [Arpaci-Dusseau 03], firewall/NAT
  Access context:
    Desktop search [Soules 03]
    File system prefetching [Amer 02, Lei 97]
    Enforcing enterprise-wide policies [He 05]
  Semantic file systems [Sheldon 91, Pike 93, Neuman 92, Rao 93]
  Extensible file systems [Zadok 00, Tewari 05]
User study:
  Real deployment
  Behavior models
Policy language:
  Constraints
  Debugging and logging
Data transformations:
  Censorship
  Protocol translations:
    NFS -> CIFS
    Recipe-based file system (CASPER)
    IP -> RDMA
  Video encoding
  Content adaptation
Conclusions:
  Per-file access policies can be enforced using virtual namespaces
    No client or server modification required
    Soft state maintenance required
  Provides administrators the ability to define a wide variety of access policies
    Protect file systems
    Provide quality of service
Experimental setup:
  Dell PowerEdge 2600 systems
    Dual 2.4GHz Intel Xeon processors
    1GB RAM
    36GB 15000 RPM SCSI disk
  Linux
  Gigabit Ethernet switch