Andrew Leung will give a talk titled "Scalable Security for Petascale Parallel File Systems".
Abstract:
The demand for petabyte scale, high-performance parallel file
systems is on the rise. These file systems often hold sensitive
data and thus require security, but authentication and authorization
have the potential to dramatically reduce performance because of the
high number of clients and devices, data distribution across both
clients and devices, and bursty and demanding workloads. Existing
security protocols perform poorly in these environments because they
do not scale well - the number of security operations is strongly
tied to the number of devices and requests. To address these
issues, we developed Maat, a security protocol designed to provide
strong, scalable security in petabyte-scale parallel file systems.
Maat introduces three novel concepts: extended capabilities,
automatic revocation, and secure delegation, all of
which act to limit the number of cryptographic operations as the
number of devices and requests becomes large. Extended capabilities
allow a single capability to authorize I/O for any number of clients
to any number of files, greatly limiting the number of capabilities
needed. Automatic revocation uses short capability lifetimes to
allow simple capability expiration to act as a global revocation and
renews non-revoked capabilities in batches, reducing the number of
cryptographic operations required. Secure delegation allows clients
to securely act on behalf of a group to open files and distribute
access, reducing the number of operations for large, joint
computations. The use of these techniques reduces the number of
cryptographic operations by 4-6 orders of magnitude over existing
approaches. Experiments on the Maat prototype we implemented in
the Ceph high-performance storage system show an overhead of less
than 15% over insecure operation with a small aggregate latency
penalty. By implementing strong authentication and authorization
without a large performance penalty, Maat enables secure
access to high-performance petabyte-scale storage systems.
When:
Monday, May 14, 2007 at 3:00 PM
Where:
E2-599
CRSS Contact:
Leung, Andrew
Last modified 24 May 2019