Computer Science and Engineering, Department of

 

Date of this Version

Spring 3-27-2010

Comments

Technical Report, Department of Computer Science and Engineering, University of Nebraska-Lincoln.
Copyright 2010 Zhongying Niu , Hong Jiang , Ke Zhou , Dan Feng , Tianming Yang , Dongliang Lei, and Anli Chen.

Abstract

This paper describes DSFS, a decentralized security system for large parallel file system. DSFS stores global access control lists (ACLs) in a centralized decisionmaking server and pushes pre-authorization lists (PALs) into storage devices. Thus DSFS allows users to flexibly set any access control policy for the global ACL or even change the global ACL system without having to upgrade the security code in their storage devices. With pre-authorization lists, DSFS enables a networkattached storage device to immediately authorize I/O, instead of demanding a client to acquire an authorization from a centralized authorization server at a crucial time. The client needs to acquire only an identity key from an authentication server to access any devices she wants. Experimental results show that DSFS achieves higher performance and scalability than traditional capability-based security protocols.