
FileWall : Implementing File Access Policies Using Dynamic Access Context

Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode. DiscoLab, Department of Computer Science, Rutgers University. Workshop on Spontaneous Networking, May 12, 2006.





Presentation Transcript


  1. FileWall : Implementing File Access Policies Using Dynamic Access Context Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode DiscoLab Department of Computer Science Rutgers University Workshop on Spontaneous Networking May 12, 2006

  2. File System Management
     • Organization:
       • Too many files, directories, servers…
     • Protection:
       • Left to the discretion of the owner
     • Dynamism:
       • Cannot be incorporated without file system extension

  3. File System Management
     • Organization:
       • Too many files, directories, servers…
     • Protection:
       • Left to the discretion of the owner
     • Dynamism:
       • Cannot be incorporated without file system extension
     Administrator has little control over file access policies

  4. Observations
     • File names are powerful
       • Can be used to implement access policies
     • All file system accesses are performed through messages
       • Message transformations can be used to enforce policies
     • File system state can be constructed using information contained in messages

  5. Observations
     • File names are powerful
       • Can be used to implement access policies
     • All file system accesses are performed through messages
       • Message transformations can be used to enforce policies
     • File system state can be constructed using information contained in messages
     Access policies can be implemented by interposition and message transformation

  6. FireWall
     • Interposes on the client-server path
     • Stores network flow history
     • Evaluates each message against the firewall policies
     • Passes through, drops, or transforms network packets

  7. FileWall
     • Interposes on the client-server path
     • Stores file access history
     • Evaluates each message against FileWall policies
     • Transforms file system messages

  8. FileWall
     • Interposes on the client-server path
     • Stores file access history
     • Evaluates each message against FileWall policies
     • Transforms file system messages
     FileWall constructs virtual namespaces from file system namespaces and access policies through message transformation

  9. Applications of the FileWall Model
     • Access control
     • Quality of Service (QoS)
     • File system organization
     • Intrusion detection
     • Information Lifecycle Management (ILM)
     • Data transformations
     • …

  10. Outline
     • Motivation
     • Design
       • Access Context
       • FileWall Policies
     • Implementation
     • Evaluation
     • Related Work
     • Conclusions

  11. Access Context
     • Access history
       • Access statistics
       • Sequence of accesses
       • Describes user behavior
     • Environment
       • Time, available disk space, CPU load, etc.

  12. Maintaining Access Context
     • Requirements
       • Compact representation
       • Contains semantic information that describes user behavior
       • Easy to understand and specify
       • Soft state

  13. Access Tree
     • Node = file “run”
       • Group of accesses performed by the same application
       • Open to close, or approximated using clustered accesses
     • Attributes
       • File name
       • Type of run (READ, WRITE, etc.)
       • Operation count
     • Edge
       • Run started after and ended before its parent
     • Depth-first traversal defines the sequence of runs in an access tree

  14.–18. Access Tree Example (figure, built up over five slides): starting from a Root node, runs are added one at a time, each labelled with its type and a count: Read 1, Create/Delete 2, Read/Write 3, Write 1.
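The access tree of slides 13 to 18, as an added example that is not the paper's code: a constructed trace of file runs (each an open-to-close interval, or a cluster boundary where open/close is approximated, with a type and an operation count) is turned into a tree by the edge rule "started after and ended before the parent", and a depth-first walk then yields the run sequence. The file names, type names and sequence numbers are constructed for this example.

```c
/* Added example, not the paper's code: build an access tree (slide 13) from a
 * constructed trace of file "runs" and walk it depth first. A run is one
 * open..close interval on a file with a type and an operation count; a run
 * whose interval lies inside another run's interval becomes its child.
 * The trace, file names and type names are constructed for this example. */
#include <stdio.h>

#define MAX_RUNS 16

enum run_type { READ, WRITE, READ_WRITE, CREATE_DELETE };
static const char *type_name[] = { "Read", "Write", "Read/Write", "Create/Delete" };

struct run {
    const char *name;     /* file name */
    enum run_type type;   /* type of run */
    int ops;              /* operation count */
    int start, end;       /* message sequence numbers of open and close */
    int parent;           /* index of the enclosing run, -1 for the root */
};

/* Constructed trace, ordered by start: runs 1 and 2 happen inside run 0. */
struct run runs[MAX_RUNS] = {
    { "/home/u/report.txt", READ,          1,  1, 20, -1 },
    { "/home/u/tmp/lock",   CREATE_DELETE, 2,  3,  8, -1 },
    { "/home/u/build.log",  READ_WRITE,    3, 10, 18, -1 },
    { "/home/u/out.bin",    WRITE,         1, 22, 30, -1 },
};
int nruns = 4;

/* Set each run's parent to the tightest run that started before it and
 * ended after it (the edge rule on slide 13). */
void build_tree(struct run *r, int n) {
    for (int i = 0; i < n; i++) {
        r[i].parent = -1;
        for (int j = 0; j < n; j++) {
            if (j == i || r[j].start >= r[i].start || r[j].end <= r[i].end)
                continue;
            if (r[i].parent < 0 || r[j].start > r[r[i].parent].start)
                r[i].parent = j;
        }
    }
}

/* Depth-first walk; children come out in start order because the trace is
 * stored in start order. Prints one indented line per run as it goes. */
static void dfs(const struct run *r, int n, int parent, int depth,
                int *out, int *count) {
    for (int i = 0; i < n; i++) {
        if (r[i].parent != parent)
            continue;
        out[*count] = i;
        (*count)++;
        printf("%*s%s [%s x%d]\n", 2 * depth, "", r[i].name,
               type_name[r[i].type], r[i].ops);
        dfs(r, n, i, depth + 1, out, count);
    }
}

/* Fills `out` with run indices in depth-first order; returns how many. */
int run_sequence(const struct run *r, int n, int *out) {
    int count = 0;
    dfs(r, n, -1, 0, out, &count);
    return count;
}

int demo_sequence[MAX_RUNS];

/* Builds the tree over the constructed trace and records its run sequence. */
int build_demo(void) {
    build_tree(runs, nruns);
    return run_sequence(runs, nruns, demo_sequence);
}

int main(void) {
    int n = build_demo();
    printf("%d runs in depth-first order\n", n);
    return 0;
}
```

The tree is the compact, soft-state representation slide 12 asks for: only the run records are kept, and the nesting is recomputed from their intervals, so dropping the state costs nothing but history. In a real interposer the interval boundaries come from the message stream rather than from explicit open/close, which is why slide 13 allows clustered accesses as an approximation.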

  19. Outline
     • Motivation
     • Design
       • Access Context
       • FileWall Policies
     • Implementation
     • Evaluation
     • Related Work
     • Conclusions

  20. FileWall Policies
     • Transform messages (requests and replies)
     • Sequence of rules
       • INPUT and OUTPUT
     • Use:
       • Access context
       • File attributes contained in messages

  21. FileWall Policy Example
     • Policy: “Show files accessed today”
     • For each client-visible file:
       • Access Time = TODAY
     • Transform directory listing messages
       • READDIR and READDIRPLUS

  22.–30. FileWall Policy Example (figure, animated over nine slides): a READDIR request M from the client enters FileWall, which consults its Policies and Access Context, forwards the request to the server as READDIRPLUS, and transforms the server's READDIRPLUS reply back into a READDIR reply for the client.

  31. Policy Descriptors: specified as C programs and compiled as loadable shared modules

     INPUT Rule:
       int fwin(rpc_msg request) {
           if (request.proc == READDIR) {
               request.proc = READDIRPLUS;   /* ask the server for attributes too */
               return FORWARD;
           }
           return FORWARD;                   /* other requests pass unchanged */
       }

     OUTPUT Rule:
       int fwout(rpc_msg reply) {
           if (reply.proc == READDIRPLUS) {
               FOREACH entp in reply {
                   if (entp.atime == TODAY)
                       copy_entry(res_entp, entp);   /* keep entries accessed today */
               }
               reply.entries = res_entp;
               reply.proc = READDIR;             /* answer the client's original READDIR */
               return FORWARD;
           }
           return FORWARD;                       /* other replies pass unchanged */
       }
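The same two rules as compilable C, as an added example that is not the paper's code: `rpc_msg`, `dir_entry`, the FORWARD/DROP verdicts and the TODAY constant are stand-ins for the FileWall and NFS definitions and are assumptions here; the procedure numbers are the NFSv3 values from RFC 1813, and the directory contents are constructed.

```c
/* Added example, not the paper's code: the "show files accessed today"
 * policy of slide 31 as runnable C over a simplified message structure.
 * rpc_msg, dir_entry, FORWARD/DROP and TODAY are stand-ins for the FileWall
 * and NFS definitions and are assumptions here; the procedure numbers are
 * the NFSv3 values from RFC 1813. The directory contents are constructed. */
#include <stdio.h>
#include <string.h>

enum { READDIR = 16, READDIRPLUS = 17 };  /* NFSv3 procedure numbers */
enum { DROP = 0, FORWARD = 1 };           /* rule verdicts */
#define MAX_ENTRIES 8

struct dir_entry {
    char name[32];
    long atime;          /* last access time as a day number (constructed) */
};

struct rpc_msg {
    int proc;                              /* NFS procedure */
    int nentries;                          /* entries in a READDIR* reply */
    struct dir_entry entries[MAX_ENTRIES];
};

static const long TODAY = 19000;           /* constructed day number */

/* INPUT rule: a plain READDIR reply carries no attributes, so upgrade the
 * request to READDIRPLUS before forwarding it to the server. */
int fwin(struct rpc_msg *request) {
    if (request->proc == READDIR)
        request->proc = READDIRPLUS;
    return FORWARD;
}

/* OUTPUT rule: keep only entries accessed today, then relabel the reply as
 * the READDIR the client asked for. Other replies pass through untouched. */
int fwout(struct rpc_msg *reply) {
    if (reply->proc != READDIRPLUS)
        return FORWARD;
    int kept = 0;
    for (int i = 0; i < reply->nentries; i++) {
        if (reply->entries[i].atime == TODAY)
            reply->entries[kept++] = reply->entries[i];   /* copy_entry */
    }
    reply->nentries = kept;
    reply->proc = READDIR;
    return FORWARD;
}

/* Simulated round trip: the client's READDIR is rewritten on the way in and
 * the server's constructed READDIRPLUS reply is filtered on the way out. */
static struct rpc_msg round_trip(void) {
    struct rpc_msg request = { .proc = READDIR, .nentries = 0 };
    fwin(&request);
    struct rpc_msg reply = {
        .proc = request.proc,   /* the server answers the rewritten request */
        .nentries = 3,
        .entries = {
            { "notes.txt", 19000 },
            { "old.tar",   18990 },
            { "todo.md",   19000 },
        },
    };
    fwout(&reply);
    return reply;
}

/* Number of entries the client ends up seeing. */
int demo_visible_entries(void) { return round_trip().nentries; }

/* Procedure number on the reply the client receives. */
int demo_reply_proc(void) { return round_trip().proc; }

int main(void) {
    struct rpc_msg reply = round_trip();
    for (int i = 0; i < reply.nentries; i++)
        printf("%s\n", reply.entries[i].name);
    return 0;
}
```

One design note on the simplification: as written, `fwout` relabels every READDIRPLUS reply, including one answering a READDIRPLUS the client sent itself. Because FileWall keeps access history, the natural fix is for `fwin` to record in the access context which requests it rewrote, so that `fwout` only downgrades those replies; that bookkeeping is left out here to keep the rules close to the slide.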

  32. Outline
     • Motivation
     • Design
       • Access Context
       • FileWall Policies
     • Implementation
     • Evaluation
     • Related Work
     • Conclusions

  33. Implementation
     • FileWall:
       • Click Modular Router
       • NFS over UDP

  34. Implementation
     • FileWall
       • Click Modular Router
       • NFS over UDP
     • FileWall Client
       • SFS toolkit
       • Session establishment
       • Bootstrapping
         • Identify list of available file systems

  35. Outline
     • Motivation
     • Design
       • Access Context
       • FileWall Policies
     • Implementation
     • Evaluation
     • Related Work
     • Conclusions

  36. Interposition Overhead: Emacs Compilation (chart; not in transcript)

  37. Case Study: Flash Crowd Mitigation
     • General purpose server
       • Email, user homes, web server
       • Files mounted over NFS
     • Web servers are prone to flash crowds
     • Current policies
       • Rate limit number of requests
       • Disable web server

  38. Mitigating Flash Crowds with FileWall
     • Access context
       • Rate of sequential file reads, directory listings, etc.
     • Policy
       • Hide files with rate greater than a threshold
       • Show files again when rate falls below threshold
     • Only the source of the flash crowd disappears from the namespace
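The flash-crowd policy of slide 38 as an added example, not the paper's code: a per-file read counter in the access context yields a read rate at the end of each window, a file whose rate exceeds a threshold is hidden from directory listings, and it reappears once the rate falls below a second, lower threshold. The window length, the two thresholds (hysteresis is my choice, not the slide's), the file names and the traffic are all constructed for this example.

```c
/* Added example, not the paper's code: the flash-crowd policy of slide 38
 * over a constructed access context. Each file keeps a read counter for the
 * current window; when the window ends, the resulting read rate decides
 * whether the file is hidden from directory listings. Hysteresis (separate
 * hide and show thresholds), the window length and all traffic are
 * assumptions for this example. */
#include <stdio.h>
#include <string.h>

#define MAX_FILES 8
#define WINDOW_SECONDS 10

struct file_ctx {
    char name[32];
    long window_start;   /* time the current window began, 0 = unset */
    int reads;           /* READ requests seen in the current window */
    double rate;         /* reads per second over the last finished window */
    int hidden;          /* 1 while the policy hides the file */
};

static struct file_ctx ctx[MAX_FILES];
static int nfiles = 0;
static const double HIDE_ABOVE = 50.0;   /* reads/s that triggers hiding */
static const double SHOW_BELOW = 10.0;   /* reads/s at which it reappears */

void reset_context(void) {
    memset(ctx, 0, sizeof ctx);
    nfiles = 0;
}

static struct file_ctx *find(const char *name) {
    for (int i = 0; i < nfiles; i++)
        if (strcmp(ctx[i].name, name) == 0)
            return &ctx[i];
    return NULL;
}

static struct file_ctx *find_or_add(const char *name) {
    struct file_ctx *f = find(name);
    if (f || nfiles == MAX_FILES)
        return f;
    f = &ctx[nfiles++];
    strncpy(f->name, name, sizeof f->name - 1);
    return f;
}

/* Access-context update for one READ request on `name` at time `now` (s).
 * When the current window has elapsed, compute its rate and apply the
 * hide/show decision before starting a new window. */
void on_read(const char *name, long now) {
    struct file_ctx *f = find_or_add(name);
    if (!f)
        return;
    if (f->window_start == 0)
        f->window_start = now;
    long elapsed = now - f->window_start;
    if (elapsed >= WINDOW_SECONDS) {
        f->rate = (double)f->reads / (double)elapsed;
        if (!f->hidden && f->rate > HIDE_ABOVE)
            f->hidden = 1;
        else if (f->hidden && f->rate < SHOW_BELOW)
            f->hidden = 0;
        f->window_start = now;
        f->reads = 0;
    }
    f->reads++;
}

int is_hidden(const char *name) {
    struct file_ctx *f = find(name);
    return f ? f->hidden : 0;
}

/* OUTPUT rule for a directory listing: copy the names that are not hidden
 * into `out`; returns how many survive. */
int filter_listing(const char **names, int n, const char **out) {
    int kept = 0;
    for (int i = 0; i < n; i++)
        if (!is_hidden(names[i]))
            out[kept++] = names[i];
    return kept;
}

/* Constructed burst: 1000 reads of hot.html between t=100 and t=109, then
 * one read at t=111 closes the window at about 91 reads/s. 1 if hidden. */
int demo_hidden_after_burst(void) {
    reset_context();
    for (int i = 0; i < 1000; i++)
        on_read("hot.html", 100 + i / 100);
    on_read("hot.html", 111);
    on_read("cold.html", 111);
    return is_hidden("hot.html");
}

/* After the burst, three reads in 14 s close the next window far below
 * SHOW_BELOW, so the file reappears. 1 if visible again. */
int demo_visible_after_quiet(void) {
    demo_hidden_after_burst();
    on_read("hot.html", 115);
    on_read("hot.html", 119);
    on_read("hot.html", 125);
    return !is_hidden("hot.html");
}

/* Listing seen by a client during the burst: hot.html is gone, others stay. */
int demo_listing_size(void) {
    const char *names[] = { "hot.html", "cold.html", "index.html" };
    const char *visible[3];
    demo_hidden_after_burst();
    return filter_listing(names, 3, visible);
}
```

Two points a deployment would have to settle that the example sidesteps: the window is only closed by the next read on the same file, so a file that goes completely idle while hidden never reappears unless a timer also closes windows; and because the rate is computed per file, only the file drawing the crowd leaves the namespace, which is exactly the property slide 38 claims over rate-limiting or disabling the whole web server.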

  39. Results (chart; not in transcript)

  40. Related Work
     • Infokernel [Arpaci-Dusseau ’03], firewall/NAT
     • Access Context
       • Desktop search [Soules ’03]
       • File system prefetching [Amer ’02, Lei ’97]
     • Enforcing enterprise-wide policies [He ’05]
     • Semantic file systems [Sheldon ’91, Pike ’93, Neuman ’92, Rao ’93]
     • Extensible file systems [Zadok ’00, Tewari ’05]

  41. Future Work
     • User study
       • Real deployment
       • Behavior models

  42. Future Work
     • User study
       • Real deployment
       • Behavior models
     • Policy language
       • Constraints
       • Debugging and logging

  43. Future Work
     • User study
       • Real deployment
       • Behavior models
     • Policy language
       • Constraints
       • Debugging and logging
     • Data transformations
       • Censorship
       • Protocol translations
         • NFS -> CIFS
         • Recipe-based file system (CASPER)
         • IP -> RDMA
       • Video encoding
       • Content adaptation

  44. Conclusions
     • Per-file access policies can be enforced using virtual namespaces
       • No client or server modification required
       • Soft state maintenance required

  45. Conclusions
     • Per-file access policies can be enforced using virtual namespaces
       • No client or server modification required
       • Soft state maintenance required
     • Provides administrators the ability to define a wide variety of access policies
       • Protect file systems
       • Provide quality of service

  46. Thank You Questions?

  47. Evaluation
     • Dell PowerEdge 2600 systems
       • Dual 2.4 GHz Intel Xeon processors
       • 1 GB RAM
       • 36 GB 15000 RPM SCSI disk
       • Linux
     • Gigabit Ethernet switch

  48. QoS Policy (figure; not in transcript)

  49. Policy Enforcement Requirements
     • Expressive
     • Deployable
     • Scalable
     • Available
