Seminar: 'Scalable Security for Petascale Parallel File Systems'

Andrew Leung will give a talk titled Scalable Security for Petascale Parallel File Systems.

Abstract:

The demand for petabyte-scale, high-performance parallel file systems is on the rise. These file systems often hold sensitive data and thus require security, but authentication and authorization have the potential to dramatically reduce performance because of the high number of clients and devices, data distribution across both clients and devices, and bursty and demanding workloads. Existing security protocols perform poorly in these environments because they do not scale well - the number of security operations is strongly tied to the number of devices and requests. To address these issues, we developed Maat, a security protocol designed to provide strong, scalable security in petabyte-scale parallel file systems. Maat introduces three novel concepts: extended capabilities, automatic revocation, and secure delegation, all of which act to limit the number of cryptographic operations as the number of devices and requests becomes large. Extended capabilities allow a single capability to authorize I/O for any number of clients to any number of files, greatly limiting the number of capabilities needed. Automatic revocation uses short capability lifetimes to allow simple capability expiration to act as a global revocation and renews non-revoked capabilities in batches, reducing the number of cryptographic operations required. Secure delegation allows clients to securely act on behalf of a group to open files and distribute access, reducing the number of operations for large, joint computations. The use of these techniques reduces the number of cryptographic operations by 4-6 orders of magnitude over existing approaches. Experiments on the Maat prototype we implemented in the Ceph high-performance storage system show an overhead of less than 15% over insecure operation with a small aggregate latency penalty. By implementing strong authentication and authorization without a large performance penalty, Maat enables secure access to high-performance petabyte-scale storage systems.
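
The sketch below is an added illustration, not code from the talk or from the Maat prototype. It shows how one capability covering many clients and files, combined with expiry-based revocation and batch renewal, keeps the number of cryptographic checks on a storage device low. The abstract does not give Maat's primitives or message format, so the HMAC with a shared key, the field names, the 300-second lifetime and all class and function names are assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: key shared by metadata server and storage devices
LIFETIME = 300                 # assumption: capability lifetime in seconds

def _mac(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def issue(cap_id, clients, files, modes, now):
    """One capability naming a whole set of clients and a whole set of files."""
    body = {"id": cap_id, "clients": sorted(clients), "files": sorted(files),
            "modes": modes, "expires": now + LIFETIME}
    return {"body": body, "mac": _mac(body)}

class MetadataServer:
    def __init__(self):
        self.revoked = set()

    def renew_batch(self, caps, now):
        """Re-issue every non-revoked capability; revoked ones simply expire."""
        return [issue(b["id"], b["clients"], b["files"], b["modes"], now)
                for b in (c["body"] for c in caps) if b["id"] not in self.revoked]

class StorageDevice:
    def __init__(self):
        self.verified = {}   # mac -> body already checked on this device
        self.mac_checks = 0  # number of cryptographic verifications performed

    def authorize(self, cap, client, path, mode, now):
        body, mac = cap["body"], cap["mac"]
        if now >= body["expires"]:
            return False     # expiry doubles as revocation
        if self.verified.get(mac) != body:
            self.mac_checks += 1
            if not hmac.compare_digest(_mac(body), mac):
                return False
            self.verified[mac] = body
        return (client in body["clients"] and path in body["files"]
                and mode in ("r", "w") and mode in body["modes"])
```

The device caches the exact body it verified, so a capability whose client or file list was altered after issue never hits the cache and fails the MAC check.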

When:
Monday, May 14, 2007 at 3:00 PM

Where:
E2-599

CRSS Contact:
Leung, Andrew

Last modified 24 May 2019