ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Cryptographic access control in a distributed file system
Full text PdfPdf (249 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents
Como, Italy
SESSION: Access Control Models and Mechanisms table of contents
Pages: 158 - 165  
Year of Publication: 2003
ISBN:1-58113-681-1
Authors
Anthony Harrington  Trinity College Dublin
Christian Jensen  Technical University of Denmark
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 33,   Downloads (12 Months): 141,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775432
What is a DOI?

ABSTRACT

Traditional access control mechanisms rely on a reference monitor to mediate access to protected resources. Reference monitors are inherently centralized and existing attempts to distribute the functionality of the reference monitor suffer from problems of scalability.Cryptographic access control is a new distributed access control paradigm designed for a global federation of information systems. It defines an implicit access control mechanism, which relies exclusively on cryptography to provide confidentiality and integrity of data managed by the system. It is particularly designed to operate in untrusted environments where the lack of global knowledge and control are defining characteristics.The proposed mechanism has been implemented in a distributed file system, which is presented in this paper along with a preliminary evaluation of the proposed mechanism.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
J. P. Anderson. Computer security planning study. Technical Report 73--51, Air Force Electronic System Division, 1972.
 
2
E. Belani, A. Thornton, and M. Zhou. Authentication and security in WebFS, January 1997.
 
3
E. Belani, A. Vahdat, T. Anderson, and M. Dahlin. The crisis wide area security architecture. In Proceedings of the 7th USENIX Security Symposium, pages 15--29, San Antonio, Texas, U.S.A., January 1998.
4
Matt Blaze, A cryptographic file system for UNIX, Proceedings of the 1st ACM conference on Computer and communications security, p.9-16, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168590]
 
5
G. Cattaneo and G. Persiano. Design and implementation of a transparent cryptographic filesystem for Unix. Unpublished Technical Report, ftp://edu-gw.dia.unisa.it/pub/tcfs/docs/tcfs.ps.gz,, July 1997.
 
6
C. Czezatke and M. A. Ertl. LinLogFS --- a log-structured filesystem for Linux. In Freenix Track of Usenix Annual Technical Conference, pages 77--88, 2000.
 
7
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Spki certificate theory. Technical Report 2693, Network Working Group, IETF, September 1999.
8
Michael J. Fischer , Nancy A. Lynch , Michael S. Paterson, Impossibility of distributed consensus with one faulty process, Journal of the ACM (JACM), v.32 n.2, p.374-382, April 1985  [doi>10.1145/3149.214121]
 
9
K. Fu, M. F. Kaashoek, and D. Mazières. Fast and secure distributed read-only file system. In Proceedigs of the 4th Symposium on Operating Systems Design and Implementation, pages 181--196, San Diego, California, U.S.A., October 2000.
 
10
A. Harrington. Cryptographic access control for a network file system. Master's thesis, Trinity College, Dublin, 2001.
11
John H. Howard , Michael L. Kazar , Sherri G. Menees , David A. Nichols , M. Satyanarayanan , Robert N. Sidebotham , Michael J. West, Scale and performance in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.51-81, Feb. 1988  [doi>10.1145/35037.35059]
 
12
J. Kohl and C. Neuman. The kerberos network authentication service (v5). Request for Comments (RFC) 1510, Network Working Group, IETF, September 1993.
13
Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM Transactions on Computer Systems (TOCS), v.10 n.4, p.265-310, Nov. 1992  [doi>10.1145/138873.138874]
 
14
B. W. Lampson. Protection. In Proceedings of the 5th Princeton Symposium on Information Sciences and Systems, pages 437--443, mars 1971. reprinted in Operating Systems Review, 8, 1 January 1974 pages 18--24.
15
Michael Burrows , Martin Abadi , Roger Needham, A logic of authentication, ACM Transactions on Computer Systems (TOCS), v.8 n.1, p.18-36, Feb. 1990  [doi>10.1145/77648.77649]
 
16
D. Mazières. Security and decentralised control in the SFS distributed file system. Master's thesis, MIT Laboratory of Computer Science, 1997.
17
David Mazières , Michael Kaminsky , M. Frans Kaashoek , Emmett Witchel, Separating key management from file system security, Proceedings of the seventeenth ACM symposium on Operating systems principles, p.124-139, December 12-15, 1999, Charleston, South Carolina, United States
18
Brian D. Noble , Ben Fleis , Landon P. Cox, Deferring trust in fluid replication, Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, September 17-20, 2000, Kolding, Denmark  [doi>10.1145/566726.566745]
 
19
T. S. S. of~ITU. Information Technology --- Opens Systems Interconnection --- The Directory: Authentication Framework. Number X.509 in ITU--T Recomandation. International Telecomunication Union, November 1993. Standard international ISO/IEC 9594--8 : 1995 (E).
 
20
J. T. Regan and C. D. Jensen. Capability file names: Separating authorisation from user management in an internet file system. In Proceedings of the 2001 USENIX Security Symposium, pages 221--234, Washington D.C., U.S.A., August 2001.
 
21
P. Reiher, T. Page, S. Crocker, J. Cook, and G. Popek. Truffles---a secure service for widespread file sharing, 1993.
22
Mendel Rosenblum , John K. Ousterhout, The design and implementation of a log-structured file system, ACM Transactions on Computer Systems (TOCS), v.10 n.1, p.26-52, Feb. 1992  [doi>10.1145/146941.146943]
23
J. H. Saltzer , D. P. Reed , D. D. Clark, End-to-end arguments in system design, ACM Transactions on Computer Systems (TOCS), v.2 n.4, p.277-288, Nov. 1984  [doi>10.1145/357401.357402]
 
24
R. Sandberg, D. Goldberg, K. S, D. Walsh, and B. Lyon. Design and implementation of the Sun Network File System. In Proceedings of the Summer 1985 USENIX Conference, pages 119--130, Portland, Oregon, <C9>tats--Unis, June 1985.
25
Douglas S. Santry , Michael J. Feeley , Norman C. Hutchinson , Alistair C. Veitch , Ross W. Carton , Jacob Ofir, Deciding when to forget in the Elephant file system, Proceedings of the seventeenth ACM symposium on Operating systems principles, p.110-123, December 12-15, 1999, Charleston, South Carolina, United States
26
M. Satyanarayanan, A study of file sizes and functional lifetimes, Proceedings of the eighth ACM symposium on Operating systems principles, p.96-108, December 14-16, 1981, Pacific Grove, California, United States
27
M. Satyanarayanan, Integrating security in a large distributed system, ACM Transactions on Computer Systems (TOCS), v.7 n.3, p.247-280, Aug. 1989  [doi>10.1145/65000.65002]
 
28
Mahadev Satyanarayanan, Scalable, Secure, and Highly Available Distributed File Access, Computer, v.23 n.5, p.9-18, 20-21, May 1990  [doi>10.1109/2.53351]
 
29
B. Schneier, J. Kelsey, D. Whiting, D. Wagner, and C. Hall. Twofish: a 128-bit block cipher, 1998.
 
30
M. I. Seltzer, K. Bostic, M. K. McKusick, and C. Staelin. An implementation of a log-structured file system for UNIX. In USENIX Winter, pages 307--326, 1993.
 
31
Sun Microsystems Inc. Nfs: Network file system protocol specification. Request for Comments (RFC) 1094, Network Working Group, March 1989.
 
32
A. S. Tanenbaum, S. J. Mullender, and R. van~Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference in Computing Systems, pages 558--563, June 1986.
 
33
A. Vahdat, P. Eastham, and T. Anderson. Webfs: A global cache coherent file system. Department of Computer Science, UC Berkeley, Technical Draft, 1996.
 
34
R. van Renesse, A. S. Tanenbaum, and A. Wilschut. The design of a high-performance file server. In Proceedings of the 9th International Conference on Distributed Computing Systems (ICDCS), pages 22--27, Washington, DC, 1989. IEEE Computer Society.
35
Edward Wobber , Martín Abadi , Michael Burrows , Butler Lampson, Authentication in the Taos operating system, ACM Transactions on Computer Systems (TOCS), v.12 n.1, p.3-32, Feb. 1994  [doi>10.1145/174613.174614]
 
36
E. Zadok, I. Badulescu, and A. Shender. Cryptfs:~a stackable vnode level encryption file system. Technical report, Computer Science Department, Columbia University, 1998.

CITED BY  6
Sudip Chakraborty , Indrajit Ray, TrustBAC: integrating trust relationships into the RBAC model for access control in open systems, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
Rachid Anane , Sukhvir Dhillon , Behzad Bordbar, Stateless data concealment for distributed systems, Journal of Computer and System Sciences, v.74 n.2, p.243-254, March, 2008
Christian Payne, A cryptographic access control architecture secure against privileged attackers, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
Giuseppe Ateniese , Kevin Fu , Matthew Green , Susan Hohenberger, Improved proxy re-encryption schemes with applications to secure distributed storage, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.1-30, February 2006
Bogdan Cautis, Distributed access control: a privacy-conscious approach, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Sabrina De Capitani di Vimercati , Sara Foresti , Sushil Jajodia , Stefano Paraboschi , Pierangela Samarati, A data outsourcing architecture combining cryptography and access control, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Cryptographic controls


General Terms:
Security


Keywords:
access control, cryptography, network file systems

Collaborative Colleagues:
Anthony Harrington: colleagues
Christian Jensen: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player