Virtualization-aware access control for multitenant filesystems

In a virtualization environment that serves multiple tenants, storage consolidation at the filesystem level is desirable because it enables data sharing, administration efficiency, and performance optimizations. The scalable deployment of filesystems in such environments is challenging due to the intermediate translation layers required for networked file access or identity management. First, we present several security requirements in multitenant filesystems. Then we introduce the design of the Dike authorization architecture, which combines native access control with tenant namespace isolation and compatibility with object-based filesystems. We use a public cloud to experimentally evaluate a prototype implementation of Dike that we developed. At several thousand tenants, our prototype incurs limited performance overhead of up to 16%, unlike an existing solution whose multitenancy overhead approaches 84% in some cases.
