Abstract
This paper presents an analysis of security requirements of large-scale distributed file systems. Our objective is to identify their generic as well as specific security requirements and to propose potential solutions that can be employed to address these requirements. FileStamp – a multi-writer distributed file system developed at CETIC is considered as a case study for this analysis. This analysis yields that the existing range of security solutions can be employed to secure large-scale distributed file systems. However, they should be holistically employed to triumph over the security chinks in the FileStamp’s armor.
This research work is supported by the European Network of ExcellenceCoreGRID (project reference number 004265). The network aims at strengthening and advancing scientific and technological excellence in the area of Grid and Peer-to-Peer technologies. The CoreGRID webpage is located at www.coregrid.net
Chapter PDF
Similar content being viewed by others
References
Dabek, F., Kaashoek, M., Karger, D., Morris, R., Stoica, I.: Wide-Area Cooperative Storage with CFS. In: Proceedings of 18th ACM Symposium on Operating Systems Principles (SOSP’01), chateau Lake Louise, Banff, Canada, October 2001, ACM, New York (2001)
INRIA Project PASTIS, http://regal.lip6.fr/projects/pastis/pastis_fr.html
Rowstron, A., Druschel, P.: Pastry: Scalable, Distributed Object Location and Routing for Large-Scale Peer-to-Peer Systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–350. Springer, Heidelberg (2001)
Druschel, P., Rowstron, A.: Past: Persistent and Anonymous Storage in a Peer-to-Peer Networking Environment. In: Proceedings of the 8th IEEE Workshop on Hot Topics in Operating Systems (HotOS-VIII), pp. 65–70. IEEE Computer Society Press, Los Alamitos (2001)
Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S.: Security for Grid Services. In: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC’03), IEEE Computer Society Press, Los Alamitos (2003)
Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of High Performance Computing Application 15(3), 200–222 (2001)
Foster, I., Kesselman, C., Pearlman, L., Tuecke, S., Welch, V.: The Community Authorization Service: Status and Future. In: Proceedings of Computing in High Energy Physics 03 (CHEP ’03), La Jolla, California, USA, March 24-28 (2003)
Allcock, W., et al.: GridFTP: Protocol extensions to FTP for the Grid, GGF Document Series GFD.20 (April 2003)
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. ACM Conference Proceedings, pp. 83-92 (1998)
Rescorla, E.: Hyper Text Transfer Protocol (HTTP) over Transport Layer Security (TLS), Internet Engineering Task Force (IETF) draft RFC # 2818 (May 2000)
Chokhani, S.: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, Internet Engineering Task Force (IETF) draft RFC # 2527 (March 1999)
Thompson, M., Olson, D., Cowles, R., Mullen, S., Helm, M.: CA-based Trust Issues for Grid Authentication and Identity Delegation, Global Grid Forum (GGF) Certification Authority Operations Working Group Community Practices (Oct. 2002)
Garfinkel, S.: PGP: Pretty Good Privacy. O’Reilly & Associates, Sebastopol (1994)
Barret, D., Silverman, R.: SSH: The Secure Shell. O’Reilly & Associates, Sebastopol (2001)
Ellison, C.: SPKI Requirements, IETF RFC 2692 (1999), http://www.ietf.org/rfc/rfc2692.txt
The Certification Authority of Belgian Grid Initiative, http://www.begrid.be/certification.htm
Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A Community Authorization Service for Group Collaboration. In: Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, IEEE Computer Society Press, Los Alamitos (2002)
Ferraiolo, D., Cugini, J., Kuhn, D.: Role Based Access Control (RBAC): Features and Motivations. In: Proceedings of the 11th Computer Security Applications Conference, New Orleans, LA, USA, 11-15 December, pp. 241–248 (1995)
Foster, I., Kesselman, C.: Globus: A Metacomputing Infrastructure Toolkit. International Journal of Supercomputer Applications 11(2), 115–129 (1998)
VOMS Architecture v1.1 (May 2002), http://gridauth.infn.it/docs/VOMS-v1_1_OnlinePDF.pdf
Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., Essiari, A.: Certificate-based Access Control for Widely Distributed Resources. In: 8th Usenix Security Symposium (1999)
Chadwick, D., Otenko, A.: The PERMIS X.509 Role Based Privilege Management Infrastructure. In: 7th ACM Symposium on Access Control Models and Technologies, ACM Press, New York (2002)
National Institute of Standards and Technology, Secure Hash Standard. Federal Information Processing Standards Publication 180-1, April 17 (1995)
Olmedilla, D., Rana, O., Matthews, B., Nejdl, W.: Security and Trust Issues in Semantic Grids. Proceedings of Schloss Dagstuhl Seminar no. 05271: Semantic Grid: The Convergence of Technologies, Dagstuhl, Germany, July 03-08 (2005)
Czajkowski, K., Foster, I., Kesselman, C., Sander, V., Tuecke, S.: SNAP: A Protocol for Negotiating Service Level Agreements and Coordinating Resource Management in Distributed Systems. In: Feitelson, D.G., Rudolph, L., Schwiegelshohn, U. (eds.) JSSPP 2002. LNCS, vol. 2537, pp. 3–540. Springer, Heidelberg (2002)
Silicon Graphics Incorporate (SGI), SGI and Intel on the Grid – Unique Capabilities for Grid Computing, Whitepaper (2005)
Watson, R.: High Performance Storage System Scalability: Architecture, Implementation and Experience. In: Proceedings of 22nd IEEE / 13th NASA Goddard Conference on Mass Storage Systems and Technologies 2005, 11-14 April, pp. 145–159. IEEE Computer Society Press, Los Alamitos (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Naqvi, S., Poitou, O., Massonet, P., Arenas, A. (2007). Security Requirements Analysis for Large-Scale Distributed File Systems . In: Lehner, W., Meyer, N., Streit, A., Stewart, C. (eds) Euro-Par 2006 Workshops: Parallel Processing. Euro-Par 2006. Lecture Notes in Computer Science, vol 4375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72337-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-72337-0_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72226-7
Online ISBN: 978-3-540-72337-0
eBook Packages: Computer ScienceComputer Science (R0)