SLIDE 1

Scaling Security for Big, Parallel File Systems

Andrew Leung and Ethan Miller University of California, Santa Cruz {aleung, elm}@cs.ucsc.edu FAST 2007 Work-in-Progress

SLIDE 2

Motivation

❖ Large systems hard to secure

  • Upwards of hundreds of thousands of nodes
  • Peta- to exabytes of data, gigabyte size files
  • Files striped across thousands of devices

❖ HPC workloads are demanding

  • Highly Parallel
  • Bursty, flash crowds, short inter-arrival times
  • Large, long lasting I/O

❖ How do we scale security for such a file system?

  • Maat - security for big, parallel file systems

SLIDE 3

Extended Capabilities

❖ Reduces capability generation

❖ Authorize I/O for any number of users and files

❖ Secured w/ asymmetric cryptography

❖ Enforces confinement w/ Merkle hash trees

[Figure: extended capability diagram. Labels: open() calls; Extended Capability with fields Users root hash, Files root hash, Mode, T_start, T_end, Signature; "Authorize I/O for multiple users & files"; Sign, Verify, Cache Cap, Perform I/O; MDS, OSD, Client.]
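An added example, not from the slides or from Maat's implementation: how an OSD could check one request against a single extended capability using the fields named on this slide. The SHA-256 Merkle construction, the proof format, all function names and the sample values are assumptions, and signature verification is taken as already done.

```python
import hashlib
from collections import namedtuple

ExtCap = namedtuple("ExtCap", "users_root files_root mode t_start t_end")

def _h(tag, data):  # tag separates leaves (0x00) from interior nodes (0x01)
    return hashlib.sha256(tag + data).digest()

def build_levels(items):
    """All tree levels, leaves first, over the sorted items."""
    levels = [[_h(b"\x00", i.encode()) for i in sorted(items)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(b"\x01", cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # odd node is promoted unchanged
        levels.append(nxt)
    return levels

def prove(items, item):
    index, path = sorted(items).index(item), []
    for level in build_levels(items)[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))  # (sibling, sibling_is_left)
        index //= 2
    return path

def root_from(item, path):
    node = _h(b"\x00", item.encode())
    for sib, sib_is_left in path:
        node = _h(b"\x01", sib + node if sib_is_left else node + sib)
    return node

def osd_authorize(cap, user, user_path, file, file_path, op, now):
    """OSD-side check; the signature over `cap` is assumed already verified."""
    if not cap.t_start <= now < cap.t_end:
        return "expired"  # expiration = revocation
    if op not in cap.mode:
        return "mode"
    if root_from(user, user_path) != cap.users_root:
        return "user-not-covered"
    if root_from(file, file_path) != cap.files_root:
        return "file-not-covered"
    return "ok"

# Constructed sample: one capability covering three users and three files.
USERS, FILES = ["alice", "bob", "carol"], ["/d/a", "/d/b", "/d/c"]
CAP = ExtCap(build_levels(USERS)[-1][0], build_levels(FILES)[-1][0], "r", 100, 160)
```

The capability carries only two root hashes however many users and files it covers; each request supplies its own logarithmic-size proofs, and a name outside either set cannot produce a matching root.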

SLIDE 4

Automatic Revocation

❖ Revocation is scalable

❖ Capabilities have short lifetimes

❖ expiration = revocation

❖ Shift problem from revocation to renewal

[Figure: timeline diagram with MDS, Client and OSD, capabilities C1 to Cn and times T1, T2, T3; the other labels are unreadable in this copy.]

SLIDE 5

Scalable, Secure Delegation

❖ Secure group computation

❖ Open a file on behalf of many

❖ Delegate key pair rather than capability alone

❖ POSIX I/O extension: openg() and openfh()

[Figure: delegation diagram. Labels: Client creates Pub/Prv compute keys; Comp Prv Key, Comp Pub Key; openg(); Client, MDS, OSD; File Handle (Path, Mode); Capability (T_s, T_e, Signature); Cap names comp pub key; File Handle, Prv Key; I/O.]

SLIDE 6

Status

❖ Initial design discussion in an earlier paper

❖ Being implemented in Ceph petascale, parallel file system

❖ Future work:

  • Scalable on-disk security
  • Explore untrusted remote storage

❖ Questions?
