Publication details

Bezpečný distribuovaný úložný prostor

Title in English Secure distributed data storage
Authors HEJTMÁNEK Lukáš, MATYSKA Luděk, PROCHÁZKA Michal

Year of publication 2007
Type Article in Proceedings
Conference Širokopásmové sítě a jejich aplikace
MU Faculty or unit Institute of Computer Science

Field Informatics
Keywords IBP; distributed data storage; distributed file systems; PKI; security extensions
Description In this paper, we propose an architecture that extends Logistical Networking to use Grid authentication and authorization services. Our architecture guarantees that the user is authenticated to all services included in the network storage stack; the authorization granularity is also at the service level, and all authorizations can be revoked at any moment by service providers. We also support access policies. These can limit the maximum amount of distributed storage space allocated to a user or group of users, or they can limit the maximum amount of time the client can keep his data within the distributed storage. Advanced access control to files is supported; administrators can define access conditions. The prototype implementation has been used to evaluate the overhead associated with the security enhancements. If only capabilities are encrypted, the Copy command has a notable but constant overhead of 10 ms; all the other basic commands experience no visible overhead. When full data encryption is enforced, all the data manipulation commands are bound by the speed of the AES 128 cipher used.
