Presentation is loading. Please wait.

Presentation is loading. Please wait.

Working Set-Based Access Control for Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science.

Similar presentations


Presentation on theme: "Working Set-Based Access Control for Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science."— Presentation transcript:

1 Working Set-Based Access Control for Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science Rutgers, The State University of New Jersey { smaldone, vinodg, iftode

2 June 5, 2009SACMAT Mobile Access to Network File Systems Increasing Network File Servers Personal Device Corporate Intranet VPN Server Firewall Internet VPN File Accesses

3 June 5, 2009SACMAT The Working Set Concept The working set of a process is the collection of information referenced by the process during a time interval. [Denning 1968] –Temporal locality of a process memory accesses –Memory pages to keep resident in memory to optimize performance now and in the near future –Informs memory page replacement algorithms to avoid thrashing

4 June 5, 2009SACMAT WSBAC: Working Set-Based Access Control Setting –Trusted Devices vs. Untrusted Devices Applies the working set principle to network file system security (access control) –Learn working set during trusted accesses –Enforce working set during untrusted accesses

5 June 5, 2009SACMAT 20095Contributions Working Set-Based Access Control (WSBAC) –Novel access control technique that estimates per-user file access working sets and enforces during access from untrusted devices Prototype Implementation of WSBAC for Network File Systems –POLEX: Working set policy extraction –POLEN: Working set policy enforcement Evaluation using Real-World Network File System Traces –Experimental evaluation of WSBAC using real-world NFS traces, which suggests that WSBAC is feasible and highly-effective

6 June 5, 2009SACMAT 20096Outline Introduction WSBAC Architecture FileWall WSBAC Design and Implementation Evaluation and Results Related Work Conclusions and Future Work

7 June 5, 2009SACMAT WSBAC Architecture Overview POLEX POLEN File Server Untrusted Devices Working Sets Trusted Network Domain (Corporate Intranet) POLEN Vault Area Trusted Devices

8 June 5, 2009SACMAT Working Sets Switch POLEX: POLicy EXtraction for Network File Systems File Server Policy View Namespace (PVN) POLEX Administrator Trusted Devices

9 June 5, 2009SACMAT POLEN: POLicy ENforcement for Network File Systems Working Sets File Server POLEN Untrusted Devices Reliable Secondary Authentication Mechanism WSBAC Virtual Namespace POLEN Vault Area

10 June 5, 2009SACMAT Implementation using FileWall Network File Server FileWall Network File System Client Network File System Accesses Network File System Protocols –Composed of client/server messages –Requests sent by client –Responses sent by server FileWall: An NFS Middlebox –Interposed on client/server path –External to client/server path

11 June 5, 2009SACMAT FileWall Architecture FileWall: A Firewall for Network File System, S. Smaldone, A. Bohra, and L. Iftode. In the Proceedings of the 3rd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'07). Scheduler Forwarder Access Context FileWall Policy Request Handler File Server … FS Client Response Handler

12 June 5, 2009SACMAT The POLEX Implementation The POLEX Implementation Forwarder Access Context POLEX Extraction Handler Scheduler Network File System Stream Administrator View Handlers Working Set Summaries (Bloom Filters)

13 June 5, 2009SACMAT The POLEN Implementation Forwarder Access Context POLEN Enforcement Handler Scheduler Network File System Stream Speculation Handler File Server Client or Vault Area Working Set Summaries (Bloom Filters)

14 June 5, 2009SACMAT Outline Introduction WSBAC Architecture FileWall WSBAC Design and Implementation Evaluation and Results Related Work Conclusions

15 June 5, 2009SACMAT Evaluation Goals –What are the working set estimation costs (space and time)? –How accurate is working set estimation? –How time sensitive are working set estimates? –How much does speculation reconciliation impact users? –What are the network file system performance overheads? Setup –Systems: Dual 2.4 GHz CPUs, 3 GB RAM, Linux 2.6 –Perform offline analysis using Harvard File System Traces [Ellard03] –Custom NFS fine-grained file access generation utility –OpenSSH compilation as application performance benchmark

16 June 5, 2009SACMAT POLEX Time and Storage Requirements Size of TraceTime to AnalyzeState Size 1 Day (~3.3 GB - 6,308,023 Req/Res Pairs)52 min154MB 1 Hour (~140 MB - 262,834 Req/Res Pairs)2.49 min154MB

17 June 5, 2009SACMAT POLEX Accuracy Average Error RateOver-Estimation Rate Run 11.08%31.6% Run 20.76%41.2% Run 31.02%42.5% Run 40.79%36.5% Run 50.97%42.9% Average0.92%38.9%

18 June 5, 2009SACMAT POLEX Sensitivity Day 1Day 2Day 3Day 4Day 5 User 10.26%0.03%0.02%0.01% User 20.31%4.4%0.0%3.3%0.27% User 30.37%0.36%0.82%2.5%0.61% User 40.48%1.8%0.55%0.66%0.11% User 50.18%0.28%0.18%0.34%0.27% Average0.32%1.4%0.31%1.4%0.27%

19 June 5, 2009SACMAT Speculation Rates AverageMaxMin 1.4%2.4%0.028% AverageMaxMin 7 speculative rqst/day12 speculative rqst/day>1 speculative rqst/day For Heavy Users (~500 rqst/day):

20 June 5, 2009SACMAT POLEN Operating Costs

21 June 5, 2009SACMAT POLEN Application Performance

22 June 5, 2009SACMAT Related Work Policy Extraction and Inference –RBAC Role Mining [Kuhlmann03, Schlegelmilch05] –XACML AC Property Inference [Anderson04, Martin06] –Firewall Policy Inference [Golnabi06, Tongaonkar07] –Gray-Box Systems [Arpaci-Dusseau01] Context-Aware Access Control –Secure Collaborations in Mobile Computing [Toninelli06] –Ubiquitous Services [Corradi04, Yokotama06] –Ad-Hoc Networks [Saidane07] –Web Services [Bhatti05, Kapsalis06]

23 June 5, 2009SACMAT Conclusions and Future Work WSBAC: Working Set-Based Access Control for Network File Systems –Access control technique that estimates per-user working sets to formulate access control policy for accesses from untrusted devices –Prototype design and implementation of POLEX and POLEN –Experimental evaluation suggests that WSBAC is highly effective, exhibiting low error rates Future Work: Real-World Deployment and User Study –Study qualitative impact on users (usability) –Produce better network file system traces for future access control studies

24 Thank You!

25 June 5, 2009SACMAT What is a Network File System? Network File Server Network File System Client Network File System Accesses Network File System Protocols –Composed of client/server messages –Requests sent by client –Responses sent by server NFS (UNIX), CIFS/Samba (Windows), etc.

26 June 5, 2009SACMAT Policy View Namespace (PVN) PVN Root PVN1 Control Shadow Mirrored FS Namespace FILE METADATA EFFECTIVE AC Shadow File Contents Start / Stop Collection Modify Collection Parameters Modify View Parameters

27 June 5, 2009SACMAT Alices Working Set Accuracy: Errors and Over-Estimations What does over-estimation mean? Alices Working Set What does an error mean? X X X O O O


Download ppt "Working Set-Based Access Control for Network File Systems Stephen Smaldone, Vinod Ganapathy, and Liviu Iftode DiscoLab - Department of Computer Science."

Similar presentations


Ads by Google