Abstract | ||
---|---|---|
This paper presents a proposal to embed the file access control into object-based storage devices (OSD) to achieve powerful storage security with rich semantics; and two application prototypes, the OSD-based intrusion detection (ID) and the finer-grained (than the file-level) access control, are implemented to show its feasibility. To embed file access control into storage, one of vital challenges is how to connect a file with its corresponding storage units and its access control rule. In this design, OSD itself can complete the connection-for ID, the one (file) to one (object) relationship is used to link files and their storage objects/access rules together by tie storage. As the relationship is extended to one to more, one file can be divided into several objects in accordance with its access control semantics; then assigning users with different access permissions based on the file's internal structure (which is the meaning of the finer-grained access control) is feasible. In addition, the OSD standard is discussed to extend to define new object attributes for file access control. Both prototypes are built based on the OSD reference implementation provided by Intel. Testing results show that the extra overheads introduced by this design are acceptable. |
Year | DOI | Venue |
---|---|---|
2011 | null | INTELLIGENT AUTOMATION AND SOFT COMPUTING |
Keywords | DocType | Volume |
object-based storage, access control, intrusion detection | Journal | 17 |
Issue | ISSN | Citations |
1 | 1079-8587 | 0 |
PageRank | References | Authors |
0.34 | 14 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Youhui Zhang | 1 | 202 | 28.36 |
Hongyi Wang | 2 | 119 | 7.42 |
Dongsheng Wang | 3 | 373 | 64.93 |
Weimin Zheng | 4 | 1889 | 182.48 |