
FRAC: Implementing Role-Based Access Control for Network File Systems

Aniruddha Bohra, Stephen Smaldone, and Liviu Iftode. Department of Computer Science, Rutgers University. {bohra,smaldone,iftode}@cs.rutgers.edu


Presentation Transcript


  1. FRAC: Implementing Role-Based Access Control for Network File Systems
      Aniruddha Bohra, Stephen Smaldone, and Liviu Iftode
      Department of Computer Science, Rutgers University
      {bohra,smaldone,iftode}@cs.rutgers.edu

  2. Motivation
      [Figure labels: User A; Time < 5 PM; Developer; Shell scripts; cron jobs; Manual; User A; User A; Time > 5 PM; Programmer; Developers; Programmers; User A; User A; User B; User D; File F : { User B, User C }; User C; File F : { Developers, !Programmers }]

  3. Role-Based Access Control (RBAC)
      [Figure labels: Role Hierarchy; Progs; Users 1; Devs; User A; Users 1; Users 2; Roles; Users; Perms]

  4. Benefits of RBAC
      • Policy Specification
          • Administrators define system-wide access control policies
          • Users may query and update portions of the access control system state
          • Simplified sharing and protection
      • Role Management
          • Role Hierarchy: Inheritance
          • Static Separation of Duties (SSD)
      • Session Management
          • Dynamic User to Role Mapping
          • Dynamic Separation of Duties (DSD)
      • Centralized Access Control Policy Enforcement
          • Enforcement of Principle of Least Privilege (POLP)
          • Verifiability of policy enforcement: auditing

  5. RBAC for Network File Systems?
      [Figure labels: Interface changes; Application changes; …; AC Policy Changes; Access Control Decisions; User; AC Policy Changes require user agent; FS Protocol; FS Client Modifications; File Server; External Authority; FS Client; File Server]

  6. FRAC: Network File System RBAC in a Middlebox
      [Figure labels: AC Policy Changes; Access Control Decisions; Standard FS Protocol; FRAC Middlebox; Virtual Control Namespace (VCN); FS Client; File Server]
      VCN
      • Maintained at FRAC and Accessed by Client
      • Query State of AC System = FS READ
      • Update Permissions and AC Policies = FS WRITE

  7. Outline
      • Introduction
      • Design and Implementation
          • Background
          • Permission Evaluation in FRAC
          • Enforcing Principle of Least Privilege
          • Virtual Control Namespace (VCN)
      • Evaluation
      • Related Work
      • Conclusions

  8. Design Requirements
      • Middlebox to Enforce RBAC Policies
          • Interpose and transform messages
          • Understand file system semantics
          • Store policies and maintain state
          • Evaluate and enforce file system access control policies
      • Virtual Control Namespace
          • Enable users to query and owners to update the access control policy
          • Virtualize file system objects
          • Handle file system operations for virtual objects

  9. Background: FileWall
      [Figure labels: Scheduler; File Server; FS Client; Forwarder; Request Handler; …; Access Context; FileWallPolicy]
      FileWall: A Firewall for Network File System, S. Smaldone, A. Bohra, and L. Iftode. To appear in the Proceedings of the 3rd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'07)

  10. Permission Evaluation in FRAC
      [Figure labels: Scheduler; File Server; FS Client; Forwarder; Time > 5 PM ?; ALLOW; Access Context; DENY; FRAC; Time; AC Matrix]

  11. Enforcing Principle of Least Privilege
      [Figure labels: FS Request (Op = READ, File Handle = V0, UserID = U0, GroupID = G0); Access Context; Role Hierarchy; Progs; Devs; Users 2; Users 1; Users 1]

  12. Virtual Control Namespace (VCN)
      [Figure labels: Shadow Shadow File Contents; FILE METADATA; AC MATRIX; Mirrored FS Namespace; Root; VCN; Session]
      • Active Roles
      • User -> Role Mappings
      • Session Control Interface

  13. VCN Challenges
      • Creation of virtual objects
          • Must create file identifiers for virtual objects
          • Must avoid file identifier collisions between virtual and real objects
          • Provide virtual identifiers for all objects and store mappings
      • Introduce virtual objects in existing namespace
          • Create virtual namespace under root of real namespace
          • Must modify namespace operations (e.g., READDIR, LOOKUP, etc.) to “splice” in virtual namespace
      • Handle file system operations to virtual objects
          • Need to distinguish accesses to virtual objects from those for real objects
          • Demultiplex based on virtual identifier to real identifier mappings
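
The handle virtualization and demultiplexing listed on the VCN Challenges slide, as an added Python example that is not FRAC's or FileWall's code: clients only ever receive handles minted by the middlebox, so virtual and real objects cannot collide, and a control directory is spliced into the root. The directory name `VCN`, the entries under it, the `Middlebox` class and the sample export are assumptions made for illustration.

```python
import secrets

VCN_NAME = "VCN"  # assumed name of the control directory spliced under the root
VCN_TREE = {"/": ["active_roles", "session", "user_roles"]}  # constructed layout

class Middlebox:
    def __init__(self, server_dirs, root_fh):
        self.server_dirs = server_dirs   # stand-in for the server: real_fh -> {name: real_fh}
        self.by_vfh = {}                 # vfh -> ("real", real_fh) | ("virtual", vcn_path)
        self.by_target = {}              # reverse map: one object, one stable vfh
        self.root_vfh = self.issue("real", root_fh)
        self.vcn_vfh = self.issue("virtual", "/")

    def issue(self, kind, target):       # mint a virtual handle on first sight of an object
        key = (kind, target)
        if key not in self.by_target:
            vfh = secrets.token_bytes(16)
            while vfh in self.by_vfh:    # a handle is never reused
                vfh = secrets.token_bytes(16)
            self.by_vfh[vfh], self.by_target[key] = key, vfh
        return self.by_target[key]

    def readdir(self, vfh):
        kind, target = self.by_vfh.get(vfh, (None, None))
        if kind is None:
            return "NFS3ERR_STALE", []   # handle was never issued by the middlebox
        if kind == "virtual":
            return "NFS3_OK", list(VCN_TREE.get(target, []))  # answered locally
        names = set(self.server_dirs.get(target, {}))
        if vfh == self.root_vfh:
            names.add(VCN_NAME)          # splice the virtual namespace into the root
        return "NFS3_OK", sorted(names)

    def lookup(self, dir_vfh, name):
        kind, target = self.by_vfh.get(dir_vfh, (None, None))
        if kind is None:
            return "NFS3ERR_STALE", None
        if dir_vfh == self.root_vfh and name == VCN_NAME:
            return "NFS3_OK", self.vcn_vfh  # shadows any real root entry with this name
        if kind == "virtual":
            if name not in VCN_TREE.get(target, []):
                return "NFS3ERR_NOENT", None
            return "NFS3_OK", self.issue("virtual", target + name)
        real_fh = self.server_dirs.get(target, {}).get(name)
        if real_fh is None:
            return "NFS3ERR_NOENT", None
        return "NFS3_OK", self.issue("real", real_fh)  # client never sees real_fh

SERVER = {b"fh-root": {"home": b"fh-home"}, b"fh-home": {"bob": b"fh-bob"}}  # constructed export
```

A request carrying a raw server handle is rejected as stale because the middlebox never issued it, which is also what keeps clients from reaching the server's objects around the access-control check.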

  14. VCN in FRAC
      [Figure labels: Scheduler; File Server; FS Client; Forwarder; VCN Handler; home; home; To Server; bob; VCN; bob; Access Context; To Client; FRAC; VFH -> FH Map]

  15. Prototype Implementation
      • Network middlebox
          • FRAC implemented as a FileWall policy module
          • Implements RBAC for NFSv3 protocol
          • Direct access limited only to administrators
      • Access Context
          • Berkeley DB: An open source database
      • Policy specification
          • Static configuration using XACML
          • Updates supported through VCN for users

  16. Outline
      • Introduction
      • Design and Implementation
      • Evaluation
      • Related Work
      • Conclusions

  17. Evaluation
      • Roles
          • Arranged as linear chain: highest to lowest privilege level
          • Session starts with a role at head of chain (worst case)
      • Setup
          • Systems: Dell Poweredge 2600 SMP systems, 2.4 GHz Xeon II CPU, 2 GB RAM, running Linux 2.6
          • Microbenchmark: User-level RPC client
          • Application Benchmark: OpenSSH compilation

  18. Results - Microbenchmark
      Worst case overhead is low!

  19. Results - OpenSSH Compilation
      Most expensive data phases have small (<10% & < 15%) overheads!

  20. Related Work
      • RBAC Model
          • RBAC Standards [Ferraiolo’01, ANSI/INCITS’04]
      • RBAC for Network File Systems
          • Protocol Modifications [Gustaffson’97]
          • Agent-Based Systems [He’05]
      • Virtual and Programmable Namespaces
          • Plan 9 [Pike’93]
          • Semantic File Systems [Sheldon’91]

  21. Conclusions and Future Work
      • FRAC: RBAC for network file systems using a middlebox (FileWall)
      • Requires no client or server modifications
      • Virtual Control Namespace eliminates use of specialized agents
      • Low overheads: < 15% overhead for up to 50 roles
      • Future Work:
          • Language for Specification and Verification of policies
          • Continuous Monitoring of network file system accesses

  22. Thank You!
      Questions?
