Dike: Virtualization-aware Access Control for Multitenant Filesystems

In a virtualization environment that serves multiple customers (or tenants), storage consolidation at the filesystem level is desirable because it enables data sharing, administration efficiency, and performance optimization. Today, the scalable deployment of filesystems in such environments is challenging because of the intermediate translation layers required for networked file access or identity management. We first analyze the security requirements of multitenant filesystems. We then introduce the Dike authorization architecture, which combines native access control with tenant namespace isolation and is backwards compatible with object-based filesystems. We experimentally evaluate a prototype implementation that we developed and show that our solution incurs limited added performance overhead.
