View
219
Download
0
Embed Size (px)
Citation preview
FileWall : Implementing File Access Policies Using Dynamic Access Context
Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode
DiscoLab
Department of Computer Science
Rutgers University
Workshop on Spontaneous Networking
May 12, 2006
Workshop on Spontaneous Networking
File System Management
Organization: Too many files, directories, servers…
Protection: Left to the discretion of the owner
Dynamism: Cannot be incorporated without file system extension
Workshop on Spontaneous Networking
File System Management
Organization: Too many files, directories, servers…
Protection: Left to the discretion of the owner
Dynamism: Cannot be incorporated without file system extension
Administrator has little control over file access policiesAdministrator has little control over file access policies
Workshop on Spontaneous Networking
Observations
File names are powerful Can be used to implement access policies
All file system access are performed through messages Message transformations can be used to enforce policies File system state can be constructed using information
contained in messages
Workshop on Spontaneous Networking
Observations
File names are powerful Can be used to implement access policies
All file system access are performed through messages Message transformations can be used to enforce policies File system state can be constructed using information
contained in messages
Access policies can be implemented by interposition and message transformation
Access policies can be implemented by interposition and message transformation
Workshop on Spontaneous Networking
FireWall
Interposes on the client-server path
Stores network flow history
Evaluates each message against the firewall policies
Passes-through, drops, or transforms network packets
Workshop on Spontaneous Networking
FileWall
Interposes on client-server path
Stores file access history Evaluates each message
against FileWall policies Transforms file system
messages
Workshop on Spontaneous Networking
FileWall
Interposes on client-server path
Stores file access history Evaluates each message
against FileWall policies Transforms file system
messages
FileWall constructs virtual namespaces using file system namespaces and access policies through
message transformation
FileWall constructs virtual namespaces using file system namespaces and access policies through
message transformation
Workshop on Spontaneous Networking
Applications of FileWall Model
Access control Quality of Service (QoS) File system organization Intrusion detection Information Lifecycle Management (ILM) Data transformations …
Workshop on Spontaneous Networking
Outline
Motivation Design
Access Context FileWall Policies
Implementation Evaluation Related Work Conclusions
Workshop on Spontaneous Networking
Access Context
Access history Access statistics Sequence of accesses
Describes user behavior
Environment Time, available disk space, CPU load, etc.
Workshop on Spontaneous Networking
Maintaining Access Context
Requirements Compact representation Contain semantic information which describes
user behavior Easy to understand and specify Soft state
Workshop on Spontaneous Networking
Access Tree
Node = file “run” Groups of accesses performed by same application Open to close or approximate using clustered accesses
Attributes File name Type of run (READ, WRITE, etc.) Operation count
Edge Run started after and ended before parent
Depth-first traversal defines sequence of runs in an access tree
Workshop on Spontaneous Networking
Access Tree Example
Root
Workshop on Spontaneous Networking
Access Tree Example
Read 1
Root
1
Workshop on Spontaneous Networking
Access Tree Example
Read 1, Create/Delete 2
Root
1
2
Workshop on Spontaneous Networking
Access Tree Example
Read 1, Create/Delete 2, Read/Write 3
Root
1
2
3
Workshop on Spontaneous Networking
Access Tree Example
Read 1, Create/Delete 2, Read/Write 3, Write 1
Root
1
2
3 1
Workshop on Spontaneous Networking
Outline
Motivation Design
Access Context FileWall Policies
Implementation Evaluation Related Work Conclusions
Workshop on Spontaneous Networking
FileWall Policies
Transform messages (requests and replies) Sequence of rules INPUT and OUTPUT
Use: Access context File attributes contained in messages
Workshop on Spontaneous Networking
FileWall Policy Example
Policy: “Show files accessed today” For each client-visible file:
Access Time = TODAY
Transform directory listing messages READDIR and READDIRPLUS
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
MREADDIR
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIR
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIR
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIR READDIRPLUS
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIRPLUS
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIRPLUS
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIRPLUS
FileWall
Workshop on Spontaneous Networking
FileWall Policy Example
AccessContext
Policies
READDIRPLUSREADDIR
FileWall
Workshop on Spontaneous Networking
Policy Descriptors
INPUT Rule:int fwin(rpc_msg request) {
if (request.proc == READDIR) {
request.proc = READDIRPLUS;
return FORWARD;
}
}
OUTPUT Rule:int fwout(rpc_msg reply) { if (reply.proc == READDIRPLUS) { FOREACH entp in reply {
if (entp.atime == TODAY) copy_entry(resp_entp, entp)
} reply.entries = res_entp; reply.proc = READDIR; return FORWARD; }}
Specified as C programs and compiled as loadable shared modules
Specified as C programs and compiled as loadable shared modules
Workshop on Spontaneous Networking
Outline
Motivation Design
Access Context FileWall Policies
Implementation Evaluation Related Work Conclusions
Workshop on Spontaneous Networking
Implementation
FileWall: Click Modular Router NFS over UDP
Workshop on Spontaneous Networking
Implementation
FileWall Click Modular Router NFS over UDP
FileWall Client SFS toolkit Session establishment Bootstrapping
Identify list of available file systems
Workshop on Spontaneous Networking
Outline
Motivation Design
Access Context FileWall Policies
Implementation Evaluation Related Work Conclusions
Workshop on Spontaneous Networking
Interposition Overhead: Emacs Compilation
Workshop on Spontaneous Networking
Case Study: Flash Crowd Mitigation
General purpose server Email, user homes, web server Files mounted over NFS
Web servers are prone to flash crowds Current policies
Rate limit number of requests Disable web server
Workshop on Spontaneous Networking
Mitigating Flash Crowds with FileWall
Access context Rate of sequential file reads, directory listings,
etc. Policy
Hide files with rate greater than a threshold Show files again when rate falls below threshold
Only the source of the flash crowd disappears from the namespace
Workshop on Spontaneous Networking
Results
Workshop on Spontaneous Networking
Related Work
Infokernel [Arpaci-Dusseau ‘03], firewall/NAT Access Context
Desktop search [Soules ’03] File system prefetching [Amer ’02, Lei ’97] Enforcing enterprise-wide policies [He ’05]
Semantic file systems [Sheldon ’91, Pike ’93, Neuman ’92, Rao ’93]
Extensible file systems [Zadok ’00, Tewari ’05]
Workshop on Spontaneous Networking
Future Work
User study Real deployment Behavior models
Workshop on Spontaneous Networking
Future Work
User study Real deployment Behavior models
Policy language Constraints Debugging and logging
Workshop on Spontaneous Networking
Future Work
User study Real deployment Behavior models
Policy language Constraints Debugging and logging
Data transformations Censorship Protocol translations
NFS -> CIFS Recipe-based file system (CASPER) IP -> RDMA
Video encoding Content adaptation
Workshop on Spontaneous Networking
Conclusions
Per-file access policies can be enforced using virtual namespaces No client or server modification required Soft state maintenance required
Workshop on Spontaneous Networking
Conclusions
Per-file access policies can be enforced using virtual namespaces No client or server modification required Soft state maintenance required
Provides administrators the ability to define a wide variety of access policies Protect file systems Provide quality of service
Thank You
Questions?
Workshop on Spontaneous Networking
Evaluation
Dell Poweredge 2600 systems Dual 2.4GHz Intel Xeon processors 1GB RAM 36GB 15000 RPM SCSI disk
Linux Gigabit Ethernet switch
Workshop on Spontaneous Networking
QoS Policy
Workshop on Spontaneous Networking
Policy Enforcement Requirements
Expressive Deployable Scalable Available