Implementing User-Defined Security Policies in Cooperative Systems With Group Access Controls Jeffrey Hemmes 28 June June June 2015

Problem Need flexible access controls for shared storage Need flexible access controls for shared storage Existing systems either overly fine-grained or overly coarse-grained Existing systems either overly fine-grained or overly coarse-grained Groups may be distributed Groups may be distributed Cannot assume shared file system Cannot assume shared file system Users may not have root privileges Users may not have root privileges

Project Objectives Add decentralized groups to Chirp Add decentralized groups to Chirp Basic primitives Basic primitives Policy mechanisms – Caching Policy mechanisms – Caching Caching policies Caching policies Group files Group files Lookup decisions Lookup decisions ► Resource Owners Set Policy

ACL Checking without decentralized groups ACL File Server Client authentication acl_check ► all ACL checking performed locally

ACL Checking with decentralized groups ACL File Server A Client authentication lookup File Server B File Server C File Server D lookup

Policy Caching Pol C Pol D get_policy Pol B policy_cache File Server B ACL File Server A Client hostname port policy policy_exp file_exp dec_exp

Group File Caching get_file grp1 host B grp1 cache_file_index File Server B ACL File Server A Client grp1 hostname port grp_name file_name expiration

Decision Caching File Server B ACL File Server A Client lookup cache result decision_cache hostname port grp_name user_name result expiration

Performance Effect of Policy Caching on Interserver RPCs

Performance

Conclusion Groups → Flexible Access Controls Groups → Flexible Access Controls Group File & Policy Caching → Scalability Group File & Policy Caching → Scalability Decision Caching → Performance Decision Caching → Performance Consistency Tradeoffs → Security Policies Consistency Tradeoffs → Security Policies

Questions