TY - GEN
T1 - Hardening access control and data protection in GFS-like file systems
AU - Kelley, James
AU - Tamassia, Roberto
AU - Triandopoulos, Nikos
PY - 2012
Y1 - 2012
N2 - The Google File System (GFS) is a highly distributed, faulttolerant file system designed for large files and high throughput batch processing. We consider the first complete security analysis of GFS systems. We formalize desirable security properties with respect to the successful enforcement of access control mechanisms and data confidentiality by considering a threat model that is much stronger then in previous works. We propose extensions to the GFS protocols that satisfy these properties, and provide a comprehensive analysis of the extensions, both analytically and experimentally. In a proof-of-concept implementation, we demonstrate the practicality of the extensions by showing that they incur only a 12% slowdown while offering higher-assurance guarantees.
AB - The Google File System (GFS) is a highly distributed, faulttolerant file system designed for large files and high throughput batch processing. We consider the first complete security analysis of GFS systems. We formalize desirable security properties with respect to the successful enforcement of access control mechanisms and data confidentiality by considering a threat model that is much stronger then in previous works. We propose extensions to the GFS protocols that satisfy these properties, and provide a comprehensive analysis of the extensions, both analytically and experimentally. In a proof-of-concept implementation, we demonstrate the practicality of the extensions by showing that they incur only a 12% slowdown while offering higher-assurance guarantees.
UR - http://www.scopus.com/inward/record.url?scp=84865606724&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84865606724&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-33167-1_2
DO - 10.1007/978-3-642-33167-1_2
M3 - Conference contribution
AN - SCOPUS:84865606724
SN - 9783642331664
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 19
EP - 36
BT - Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
T2 - 17th European Symposium on Research in Computer Security, ESORICS 2012
Y2 - 10 September 2012 through 12 September 2012
ER -