Security of a High Performance Commodity Storage Subsystem

How do we incorporate security into a high performance commodity storage sub-system Technology trends and the increasing importance of IO bound workloads are driving the development of commodity network attached storage devices which deliver both increased functionality and increased performance to end users. In the network attached world, storage devices co-exist on the network with their clients, application file managers, and malicious adversaries who seek to bypass system security policies. As storage devices move from behind the protection of a server and become first class network entities in their own right, they must become actively involved in protecting themselves from network attacks. They must do this while cooperating with higher level applications, such as distributed file systems or database systems, to enforce the applications security policies over storage resources. In this dissertation, I address this problem by proposing a cryptographic capability system which enables application file managers to asynchronously make policy decisions while the commodity storage devices synchronously enforce these decisions. This dissertation analyzes a variety of access control schemata that exist in current distributed storage systems. Motivated by the analysis, I propose a basic cryptographic capability system that is flexible enough to efficiently meet the requirements of many distributed storage systems. Next, I explore how a variety of different mechanisms for describing a set of NASD objects can be used to improve the basic capability system. The result is a new design based on remote execution techniques. The new design places more access control processing at the drive in order to deliver increased performance and functional advantages. Based on the performance limitations of software cryptography demonstrated in a prototype implementation of a network attached storage device, I proposeevaluate an alternative to standard message authentication codec