Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
GAIA • OS for ubiquitous system. • Built at middle-ware level built over native participating OS • It has a context aware file system • Each file is encapsulated in a container • Each file has some context variables defined for it.
Context File System of GAIA <CFS:Storage> <CFS:Owner>Munawar</CFS:Owner> <CFS:Host>srg181</CFS:Host> <CFS:Path>c:\Temp\15687</CFS:Path> <CFS:Context> <CFS:Type>situation</CFS:Type> <CFS:Value>class-presentation</CFS:Value> </CFS:Context> <CFS:Context> <CFS:Type>location</CFS:Type> <CFS:Value>106B1-Engg Hall</CFS:Value> </CFS:Context> </CFS:Storage>
Problem Statement Implement cryptographic access control for GAIA's Context File System. Identifying the User making the request General problem of cryptographic access control
The whole problem is a jigsaw puzzle and it’s a matter of putting the pieces in the right position And make correct decisions to get the whole solution.
Client Side Support At this point all users make request as root while accessing files. So, the client side CORBA interceptor should have a mechanism of including the user ID with every file access request. Decision 1 – Add user ID with every File access request.
Communication between client-server should be secure We would use OpenSSH for crypto solution and some key-generation protocol for session key management. An existing protocol like Otway-Rees would be used.
Maintaining the Access Control List Add an additional field to the XML definition for each file <CFS:Privilege>rwxr—r-x</CFS:Privilege> Looks a Lot like UNIX !!!!!!! We have to implement some user and group management scheme like UNIX.
File Access Policies Clients have different native OS – therefore the files should undergo filtering before being sent to clients. A filtering mechanism is already existent – Some augmentation may be necessary.
Credentials GAIA AS provides credentials Jalal is working on this. We would be using his component
Current Activities • Creating a draft of design • Going through the code • And a lot of reading materials, • ,phew…
Almost left an Important point Where are we putting the privilege information and how do we secure it?