Access control lists for the self-certifying filesystem

The Self-certifying File System (SFS) currently exports Unix filesystems. Consequently, file owners on SFS servers who want to give other users access to their files can do so only through the coarse-grained Unix access control mechanisms, which are based on locally defined user identifiers and group identifiers. Therefore, despite the fact that SFS was designed to be a global filesystem, it is impossible for a file owner to grant access permissions to a remote SFS user who does not have a Unix account on the local machine. Moreover, creating new user identifiers or group identifiers for the purpose of access control requires the involvement of the local machine's administrator, a limitation that runs counter to the egalitarian spirit of SFS. This thesis describes the design and implementation of an alternative access control mechanism, based on Access Control Lists (ACLs). This mechanism gives SFS users much more flexibility in managing who can access their files and how, and does not require the assistance of the local realm's system administrator. By allowing public key hashes to be used as identifiers of remote users, ACLs extend access control beyond the local machine's realm to all SFS users, in line with the spirit of SFS. Furthermore, in the future, our ACL mechanism could easily be extended to support access control for groups of users, such as "all MIT students", whose composition is defined and maintained by a third party on any SFS server.

Thesis Supervisor: M. Frans Kaashoek
Title: Professor of Electrical Engineering and Computer Science

Thesis Supervisor: David Mazières
Title: Assistant Professor of Computer Science
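The following is an added illustration of the idea in the abstract, not code from the thesis or from SFS itself: an ACL whose principals may be either local Unix account names or hashes of public keys, so that a remote user who has no local account can still be named in the list and can prove the identity by presenting the key that hashes to it. The ACL text format (`u:<name>:<perms>` and `p:<hex-hash>:<perms>`), the use of SHA-1 over the raw key bytes as the identifier, the permission letters `r`/`w`/`a`, and the sample keys are all assumptions made for this example; the thesis's actual on-disk format is not shown on this page.

```python
"""Added example (not SFS or thesis code): an ACL keyed by public-key hashes.

Assumptions (not from the thesis): principals are written as
  u:<unix user name>:<perms>   for local accounts, and
  p:<hex sha1 of key bytes>:<perms>   for any SFS user identified by key;
perms are letters from r (read), w (write), a (administer the ACL).
"""
import hashlib

READ, WRITE, ADMIN = 1, 2, 4
PERM_BITS = {"r": READ, "w": WRITE, "a": ADMIN}


def key_id(pubkey: bytes) -> str:
    """Self-certifying identifier: hex SHA-1 of the raw key bytes (assumed encoding)."""
    return "p:" + hashlib.sha1(pubkey).hexdigest()


def parse_acl(text: str) -> dict:
    """Parse 'principal:perms' lines into {principal: permission bits}."""
    acl = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The principal itself contains ':' (u:alice, p:<hash>), so split on the last one.
        principal, sep, perms = line.rpartition(":")
        if not sep or not principal:
            raise ValueError(f"malformed ACL line: {raw!r}")
        bits = 0
        for ch in perms:
            if ch not in PERM_BITS:
                raise ValueError(f"unknown permission {ch!r} in {raw!r}")
            bits |= PERM_BITS[ch]
        acl[principal] = bits
    return acl


def authenticate(pubkey: bytes, claimed_id: str) -> bool:
    """A remote user proves a p: identity by presenting the key that hashes to it.
    (A real server would also require a signature with that key; omitted here.)"""
    return key_id(pubkey) == claimed_id


def check_access(acl: dict, principal: str, wanted: int) -> bool:
    """Grant only if every wanted bit is present in the principal's entry."""
    return (acl.get(principal, 0) & wanted) == wanted


def grant(acl: dict, requester: str, principal: str, perms: int) -> dict:
    """Let a principal holding ADMIN add an entry; no system administrator involved."""
    if not check_access(acl, requester, ADMIN):
        raise PermissionError(f"{requester} may not modify this ACL")
    new = dict(acl)
    new[principal] = new.get(principal, 0) | perms
    return new


# Constructed sample keys (arbitrary bytes standing in for real public keys).
ALICE_KEY = b"constructed-public-key-of-alice"
BOB_KEY = b"constructed-public-key-of-bob"      # Bob has no account on this server
MALLORY_KEY = b"constructed-public-key-of-mallory"

# Constructed ACL: alice is local and administers; bob is named only by key hash.
ACL_TEXT = f"""
# owner (local Unix account) may read, write and manage the list
u:alice:rwa
# remote SFS user, identified by the hash of the key, read-only
{key_id(BOB_KEY)}:r
"""
ACL = parse_acl(ACL_TEXT)


def demo() -> dict:
    """Exercise the cases the abstract motivates; returns results for inspection."""
    bob = key_id(BOB_KEY)
    results = {
        "bob_authenticates": authenticate(BOB_KEY, bob),
        "mallory_as_bob": authenticate(MALLORY_KEY, bob),
        "bob_read": check_access(ACL, bob, READ),
        "bob_write": check_access(ACL, bob, WRITE),
        "alice_write": check_access(ACL, "u:alice", WRITE),
    }
    # alice grants a third remote user read access herself, without root.
    carol = key_id(b"constructed-public-key-of-carol")
    results["carol_after_grant"] = check_access(grant(ACL, "u:alice", carol, READ), carol, READ)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two checks a practitioner should notice: `authenticate` rejects a key that does not hash to the listed identifier (so naming a user by key hash is as strong as the hash), and `grant` is gated on the ACL's own `a` bit rather than on root, which is what lets a file owner manage sharing without the local administrator.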
