FileWall: Implementing File Access Policies Using Dynamic ...discolab.rutgers.edu/workshops/2006/helsinki/slides/smaldone.pdf · Using Dynamic Access Context Stephen Smaldone, AniruddhaBohra,

FileWall : Implementing File Access Policies Using Dynamic Access Context

Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode

DiscoLab

Department of Computer Science

Rutgers University

Workshop on Spontaneous Networking

May 12, 2006


Organization:Too many files, directories, servers

Protection:Left to the discretion of the owner

Dynamism:Cannot be incorporated without file system extension


Organization:Too many files, directories, servers

Protection:Left to the discretion of the owner

Dynamism:Cannot be incorporated without file system extension

Administrator has little control over file access policiesAdministrator has little control over file access policies


File names are powerfulCan be used to implement access policies

All file system access are performed through messages

Message transformations can be used to enforce policies

File system state can be constructed using information contained in messages


File names are powerfulCan be used to implement access policies

All file system access are performed through messages

Message transformations can be used to enforce policies

File system state can be constructed using information contained in messages

Access policies can be implemented by interposition and message transformation

Access policies can be implemented by interposition and message transformation


Interposes on the client-server path

Stores network flow history

Evaluates each message against the firewall policies

Passes-through, drops, or transforms network packets


Interposes on client-server path

Stores file access history

Evaluates each message against FileWall policies

Transforms file systemmessages


Interposes on client-server path

Stores file access history

Evaluates each message against FileWall policies

Transforms file systemmessages

FileWall constructs virtual namespaces using file system namespaces and access policies through

message transformation

FileWall constructs virtual namespaces using file system namespaces and access policies through

message transformation


Access controlQuality of Service (QoS)File system organizationIntrusion detectionInformation Lifecycle Management (ILM)Data transformations


MotivationDesign

Access ContextFileWall Policies

ImplementationEvaluationRelated WorkConclusions


Access historyAccess statistics

Sequence of accessesDescribes user behavior

EnvironmentTime, available disk space, CPU load, etc.


RequirementsCompact representation

Contain semantic information which describes user behavior

Easy to understand and specify

Soft state


Node = file runGroups of accesses performed by same applicationOpen to close or approximate using clustered accesses

AttributesFile nameType of run (READ, WRITE, etc.)Operation count

EdgeRun started after and ended before parent

Depth-first traversal defines sequence of runs in an access tree


Root


Read 1

Root

1


Read 1, Create/Delete 2

Root

1

2


Read 1, Create/Delete 2, Read/Write 3

Root

1

2

3


Read 1, Create/Delete 2, Read/Write 3, Write 1

Root

1

2

3 1


MotivationDesign




Transform messages (requests and replies)Sequence of rules

INPUT and OUTPUT

Use:Access context

File attributes contained in messages


Policy: Show files accessed today

For each client-visible file:Access Time = TODAY

Transform directory listing messagesREADDIR and READDIRPLUS


AccessContext

Policies

FileWall


AccessContext

Policies

MREADDIR

FileWall


AccessContext

Policies

READDIR

FileWall


AccessContext

Policies

READDIR

FileWall


AccessContext

Policies

READDIR READDIRPLUS

FileWall


AccessContext

Policies

READDIRPLUS

FileWall


AccessContext

Policies

READDIRPLUS

FileWall


AccessContext

Policies

READDIRPLUS

FileWall


AccessContext

Policies

READDIRPLUSREADDIR

FileWall


INPUT Rule:int fwin(rpc_msg request) {

if (request.proc == READDIR) {

request.proc = READDIRPLUS;

return FORWARD;

}

}

OUTPUT Rule:int fwout(rpc_msg reply) {

if (reply.proc == READDIRPLUS) {

FOREACH entp in reply {

if (entp.atime == TODAY)

copy_entry(resp_entp, entp)

}

reply.entries = res_entp;

reply.proc = READDIR;

return FORWARD;

}

}

Specified as C programs and compiled as loadable shared modules

Specified as C programs and compiled as loadable shared modules


MotivationDesign




FileWall:Click Modular Router

NFS over UDP


FileWallClick Modular Router

NFS over UDP

FileWall ClientSFS toolkit

Session establishment

BootstrappingIdentify list of available file systems


MotivationDesign





General purpose serverEmail, user homes, web server

Files mounted over NFS

Web servers are prone to flash crowds

Current policiesRate limit number of requests

Disable web server


Access contextRate of sequential file reads, directory listings, etc.

PolicyHide files with rate greater than a thresholdShow files again when rate falls below threshold

Only the source of the flash crowd disappears from the namespace



Infokernel [Arpaci-Dusseau 03], firewall/NAT

Access ContextDesktop search [Soules 03]

File system prefetching [Amer 02, Lei 97]

Enforcing enterprise-wide policies [He 05]

Semantic file systems [Sheldon 91, Pike 93, Neuman 92, Rao 93]

Extensible file systems [Zadok 00, Tewari 05]


User studyReal deployment

Behavior models


User studyReal deployment

Behavior models

Policy languageConstraints

Debugging and logging


User studyReal deploymentBehavior models

Policy languageConstraintsDebugging and logging

Data transformationsCensorshipProtocol translations

NFS -> CIFSRecipe-based file system (CASPER)IP -> RDMA

Video encodingContent adaptation


Per-file access policies can be enforced using virtual namespaces

No client or server modification required

Soft state maintenance required


Per-file access policies can be enforced using virtual namespaces

No client or server modification required

Soft state maintenance required

Provides administrators the ability to define a wide variety of access policies

Protect file systems

Provide quality of service


Dell Poweredge 2600 systemsDual 2.4GHz Intel Xeon processors

1GB RAM

36GB 15000 RPM SCSI disk

Linux

Gigabit Ethernet switch



Expressive

Deployable

Scalable

Available

FileWall: Implementing File Access Policies Using Dynamic ...discolab.rutgers.edu/workshops/2006/helsinki/slides/smaldone.pdf · Using Dynamic Access Context Stephen Smaldone, AniruddhaBohra,

Documents