
FileWall : Implementing File Access Policies Using Dynamic Access Context

Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode

DiscoLab

Department of Computer Science

Rutgers University

Workshop on Spontaneous Networking

May 12, 2006

Organization: too many files, directories, servers

Protection: left to the discretion of the owner

Dynamism: cannot be incorporated without file system extension

Administrator has little control over file access policies

File names are powerful: they can be used to implement access policies

All file system accesses are performed through messages

Message transformations can be used to enforce policies

File system state can be constructed using information contained in messages

Access policies can be implemented by interposition and message transformation


Interposes on the client-server path

Stores network flow history

Evaluates each message against the firewall policies

Passes through, drops, or transforms network packets

Interposes on the client-server path

Stores file access history

Evaluates each message against FileWall policies

Transforms file system messages

FileWall constructs virtual namespaces using file system namespaces and access policies through message transformation


Access control

Quality of Service (QoS)

File system organization

Intrusion detection

Information Lifecycle Management (ILM)

Data transformations


Motivation

Design: access context; FileWall policies

Implementation

Evaluation

Related Work

Conclusions


Access history: access statistics; sequence of accesses (describes user behavior)

Environment: time, available disk space, CPU load, etc.


Requirements:

Compact representation

Contains semantic information which describes user behavior

Easy to understand and specify

Soft state


Node = file run: a group of accesses performed by the same application, from open to close (or approximated using clustered accesses)

Attributes: file name, type of run (READ, WRITE, etc.), operation count

Edge: the child run started after and ended before its parent

Depth-first traversal defines the sequence of runs in an access tree

Figure: an access tree built incrementally under Root from the run sequence Read 1, Create/Delete 2, Read/Write 3, Write 1 (the numbers identify files; each run is placed under the run that encloses it, per the edge rule above)
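The access-tree construction described above, as an added Python example (not code from the FileWall slides or project). It assumes a constructed per-application trace in which OPEN/CLOSE delimit runs (NFS has no open/close; the slides note that runs are approximated by clustering accesses, which is where such markers would come from in practice), nests each run under the innermost run that started before it and ended after it, and returns the depth-first run sequence. The sample trace is built so that it reproduces the figure's sequence Read 1, Create/Delete 2, Read/Write 3, Write 1 with file 1 = paper.tex, 2 = paper.aux, 3 = paper.log.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed client trace for ONE application: (sequence number, operation, file).
# OPEN/CLOSE delimit a run; every other operation counts as one access of that run.
EVENTS = [
    (1, "OPEN", "paper.tex"),
    (2, "READ", "paper.tex"),
    (3, "OPEN", "paper.aux"),
    (4, "CREATE", "paper.aux"),
    (5, "WRITE", "paper.aux"),
    (6, "OPEN", "paper.log"),
    (7, "READ", "paper.log"),
    (8, "WRITE", "paper.log"),
    (9, "CLOSE", "paper.log"),
    (10, "DELETE", "paper.aux"),
    (11, "CLOSE", "paper.aux"),
    (12, "CLOSE", "paper.tex"),
    (13, "OPEN", "paper.tex"),
    (14, "WRITE", "paper.tex"),
    (15, "CLOSE", "paper.tex"),
]


@dataclass
class Run:
    """One node of the access tree: a file run and its attributes."""
    name: str                      # file name attribute
    start: int                     # sequence number of OPEN
    end: Optional[int] = None      # sequence number of CLOSE
    ops: List[str] = field(default_factory=list)
    children: List["Run"] = field(default_factory=list)

    @property
    def kind(self) -> str:
        """Type-of-run attribute, derived from the operations seen in the run."""
        if "CREATE" in self.ops or "DELETE" in self.ops:
            return "CREATE/DELETE"
        reads, writes = "READ" in self.ops, "WRITE" in self.ops
        if reads and writes:
            return "READ/WRITE"
        return "WRITE" if writes else "READ"

    @property
    def count(self) -> int:
        """Operation-count attribute."""
        return len(self.ops)


def build_access_tree(events) -> Run:
    """Group accesses into runs, then attach each run to the innermost run that
    started before it and ended after it (the edge rule); the rest hang off Root.
    Runs still open at the end of the trace are not part of the tree."""
    root = Run(name="Root", start=0)
    open_runs, runs = {}, []
    for seq, op, name in events:
        if op == "OPEN":
            open_runs[name] = Run(name=name, start=seq)
        elif op == "CLOSE":
            run = open_runs.pop(name)
            run.end = seq
            runs.append(run)
        else:
            open_runs[name].ops.append(op)
    runs.sort(key=lambda r: r.start)
    for i, run in enumerate(runs):
        parent = root
        for cand in runs[:i]:          # every candidate started before `run`
            if cand.end > run.end and (parent is root or cand.start > parent.start):
                parent = cand          # innermost enclosing run wins
        parent.children.append(run)
    return root


def run_sequence(node: Run) -> List[Tuple[str, str, int]]:
    """Depth-first traversal: the (file, run type, op count) sequence that
    summarises the behaviour the access tree describes."""
    seq = []
    for child in node.children:        # children were appended in start order
        seq.append((child.name, child.kind, child.count))
        seq.extend(run_sequence(child))
    return seq


if __name__ == "__main__":
    for name, kind, n in run_sequence(build_access_tree(EVENTS)):
        print(f"{kind:<14} {name} ({n} ops)")
```

The tree is the compact, soft-state form the requirements slide asks for: only closed runs and their attributes are kept, not every message, and the depth-first order is what a policy would compare against a behaviour model.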


FileWall Policies


Policies transform messages (requests and replies)

A policy is a sequence of rules: INPUT and OUTPUT

Rules use: the access context; file attributes contained in messages


Policy: show files accessed today

For each client-visible file: access time = TODAY

Transform directory listing messages: READDIR and READDIRPLUS

Figure: message flow for the example policy. The client's READDIR request enters FileWall, is evaluated against the policies and access context, and leaves toward the server as READDIRPLUS; the server's READDIRPLUS reply is filtered and returned to the client as a READDIR reply.

INPUT rule:

    /* Request path: a READDIR reply carries no attributes, so upgrade the request
       to READDIRPLUS to obtain each entry's atime. */
    int fwin(rpc_msg request) {
        if (request.proc == READDIR) {
            request.proc = READDIRPLUS;
            return FORWARD;
        }
        return FORWARD;   /* default for other procedures assumed: pass through unchanged */
    }

OUTPUT rule:

    /* Reply path: keep only entries accessed today, then hand the client the
       READDIR reply it originally asked for. */
    int fwout(rpc_msg reply) {
        if (reply.proc == READDIRPLUS) {
            FOREACH entp in reply {
                if (entp.atime == TODAY)
                    copy_entry(res_entp, entp);
            }
            reply.entries = res_entp;
            reply.proc = READDIR;
            return FORWARD;
        }
        return FORWARD;   /* default assumed: pass through unchanged */
    }

Specified as C programs and compiled as loadable shared modules

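The same INPUT/OUTPUT pair as an added Python simulation of the interposition path (not FileWall's C/Click code; the message fields, the stand-in server and the directory contents are constructed for the example). One addition over the slide's rules: the interposer remembers, keyed by RPC xid, which READDIR requests it upgraded, so that only those replies are downgraded back to READDIR; a client that sent READDIRPLUS itself still gets a filtered READDIRPLUS reply rather than a reply of the wrong procedure.

```python
from datetime import date

FORWARD = "FORWARD"            # rule verdict, mirroring the slide's C rules
TODAY = date(2006, 5, 12)      # constructed fixed "today" so the run is deterministic

# Constructed server-side directory contents: name -> (fileid, last access date).
SERVER_DIRS = {
    "/home/alice": {
        "notes.txt": (101, date(2006, 5, 12)),
        "old.log":   (102, date(2006, 5, 1)),
        "draft.tex": (103, date(2006, 5, 12)),
    },
}


def server_handle(request: dict) -> dict:
    """Stand-in NFS server: READDIR returns names only, READDIRPLUS names plus attributes."""
    listing = SERVER_DIRS[request["dir"]]
    if request["proc"] == "READDIRPLUS":
        entries = [{"name": n, "fileid": fid, "atime": atime}
                   for n, (fid, atime) in listing.items()]
    else:
        entries = [{"name": n, "fileid": fid} for n, (fid, _) in listing.items()]
    return {"xid": request["xid"], "proc": request["proc"], "entries": entries}


class FileWall:
    """Interposer running the 'show files accessed today' policy on directory listings."""

    def __init__(self, today: date = TODAY):
        self.today = today
        self.upgraded = set()   # soft state: xids whose READDIR was turned into READDIRPLUS

    def fwin(self, request: dict):
        """INPUT rule: upgrade READDIR to READDIRPLUS so the reply carries atime."""
        if request["proc"] == "READDIR":
            request = dict(request, proc="READDIRPLUS")
            self.upgraded.add(request["xid"])
        return FORWARD, request

    def fwout(self, reply: dict):
        """OUTPUT rule: drop entries not accessed today; if this reply answers an
        upgraded request, strip attributes and return the READDIR the client expects."""
        if reply["proc"] == "READDIRPLUS":
            visible = [e for e in reply["entries"] if e["atime"] == self.today]
            if reply["xid"] in self.upgraded:
                self.upgraded.discard(reply["xid"])
                visible = [{"name": e["name"], "fileid": e["fileid"]} for e in visible]
                reply = dict(reply, proc="READDIR", entries=visible)
            else:
                reply = dict(reply, entries=visible)
        return FORWARD, reply

    def interpose(self, request: dict) -> dict:
        """Client -> fwin -> server -> fwout -> client."""
        _, req = self.fwin(request)
        _, rep = self.fwout(server_handle(req))
        return rep


def visible_names(reply: dict):
    """Names the client sees in the virtual namespace."""
    return [e["name"] for e in reply["entries"]]


if __name__ == "__main__":
    fw = FileWall()
    print(visible_names(fw.interpose({"xid": 1, "proc": "READDIR", "dir": "/home/alice"})))
```

Note what this policy does and does not cover: it transforms only the listing procedures, so a client that already knows a file's name and uses LOOKUP on it is outside the virtual namespace this rule builds; a complete policy would add a rule for that procedure as well.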


Implementation

FileWall: Click Modular Router; NFS over UDP

FileWall client: SFS toolkit; session establishment; bootstrapping (identify the list of available file systems)


Evaluation


General purpose server: email, user homes, web server

Files mounted over NFS

Web servers are prone to flash crowds

Current policies: rate limit the number of requests; disable the web server


Access context: rate of sequential file reads, directory listings, etc.

Policy: hide files with a rate greater than a threshold; show files again when the rate falls below the threshold

Only the source of the flash crowd disappears from the namespace
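The flash-crowd policy above, as an added Python example (not FileWall's code; class and method names, the window/threshold values and the read trace are constructed for the example). The access context is a per-file sliding window of read timestamps, the rate is reads per second over that window, and a directory listing is filtered by that rate at the moment the listing is answered, so a file reappears once its traffic has fallen off.

```python
from collections import deque


class FlashCrowdPolicy:
    """Rate-based namespace policy: a file whose read rate over a sliding window
    exceeds the threshold is hidden from listings; it reappears once the rate drops."""

    def __init__(self, threshold: float, window: float):
        self.threshold = threshold   # reads per second that triggers hiding
        self.window = window         # seconds of history kept per file (soft state)
        self.history = {}            # file name -> deque of read timestamps
        self.hidden = set()

    def _expire(self, q: deque, now: float) -> None:
        """Drop timestamps that have left the window."""
        while q and q[0] <= now - self.window:
            q.popleft()

    def rate(self, name: str, now: float) -> float:
        q = self.history.get(name)
        if not q:
            return 0.0
        self._expire(q, now)
        return len(q) / self.window

    def _reevaluate(self, name: str, now: float) -> None:
        if self.rate(name, now) > self.threshold:
            self.hidden.add(name)
        else:
            self.hidden.discard(name)

    def observe_read(self, name: str, now: float) -> None:
        """Called for each sequential read seen on the client-server path."""
        self.history.setdefault(name, deque()).append(now)
        self._reevaluate(name, now)

    def filter_listing(self, entries, now: float):
        """Apply the policy to a directory listing. Hidden files are re-checked
        first so that a file whose rate has dropped is shown again."""
        for name in list(self.hidden):
            self._reevaluate(name, now)
        return [e for e in entries if e not in self.hidden]


# Constructed trace: one file read eight times in eight seconds, another read twice.
TRACE = [(t, "video.mpg") for t in range(8)] + [(2, "index.html"), (5, "index.html")]
LISTING = ["index.html", "video.mpg", "about.html"]


def run_trace(trace=TRACE, listing=LISTING):
    """Replay the trace, then answer a listing during the crowd and one after it."""
    policy = FlashCrowdPolicy(threshold=0.5, window=10.0)
    for t, name in sorted(trace):
        policy.observe_read(name, t)
    during = policy.filter_listing(listing, now=8.0)
    after = policy.filter_listing(listing, now=30.0)
    return policy, during, after


if __name__ == "__main__":
    _, during, after = run_trace()
    print("during flash crowd:", during)
    print("after it subsides:", after)
```

One design point worth checking before deploying a policy of this shape: hiding the file stops the web server's reads, so the observed rate falls, the file reappears, and the cycle can repeat. The slide's policy uses a single threshold, and so does this example; a hold-down interval or separate hide/show thresholds are the usual ways to damp that oscillation.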


Infokernel [Arpaci-Dusseau 03], firewall/NAT

Access context: desktop search [Soules 03]; file system prefetching [Amer 02, Lei 97]

Enforcing enterprise-wide policies [He 05]

Semantic file systems [Sheldon 91, Pike 93, Neuman 92, Rao 93]

Extensible file systems [Zadok 00, Tewari 05]

User study: real deployment; behavior models

Policy language: constraints; debugging and logging

Data transformations: censorship; protocol translations (NFS -> CIFS, recipe-based file system (CASPER), IP -> RDMA); content adaptation (video encoding)

Per-file access policies can be enforced using virtual namespaces

No client or server modification required

Soft state maintenance required

Provides administrators the ability to define a wide variety of access policies: protect file systems; provide quality of service


Dell PowerEdge 2600 systems: dual 2.4GHz Intel Xeon processors, 1GB RAM, 36GB 15000 RPM SCSI disk, Linux, Gigabit Ethernet switch


Expressive

Deployable

Scalable

Available