Naming, Migration, and Replication for NFSv4

In this paper, we discuss a global name space for NFSv4 and mechanisms for transparent migration and replication. By convention, any file or directory name beginning with /nfs on an NFS client is part of this shared global name space. Our system supports file system migration and replication through DNS resolution, provides directory migration and replication using built-in NFSv4 mechanisms, and supports read/write replication with precise consistency guarantees, small performance penalty, and good scaling. We implement these features with small extensions to the published NFSv4 protocol, and demonstrate a practical way to enhance network transparency and administerability of NFSv4 in wide area networks.http://deepblue.lib.umich.edu/bitstream/2027.42/107939/1/citi-tr-06-1.pd

Comparison of Networked File System Features

Tahle bakalářská práce porovnává některé vlastnosti vybraných síťových souborových systémů, a to NFS (verze 3 a 4), AFS a Coda FS. Zaměřuje se zejména na propustnost a rychlost prováděných I/O operací.This bachelor thesis compares some features of selected network file systems, namely NFS (version 3 and 4), AFS and Coda FS. Main focus is on throughput and speed of executed I/O operations.

Replication Control in Distributed File Systems

We present a replication control protocol for distributed file systems that can guarantee strict consistency or sequential consistency while imposing no performance overhead for normal reads. The protocol uses a primary-copy scheme with server redirection when concurrent writes occur. It tolerates any number of component omission and performance failures, even when these lead to network partition. Failure detection and recovery are driven by client accesses. No heartbeat messages or expensive group communication services are required. We have implemented the protocol in NFSv4, the emerging Internet standard for distributed filing.http://deepblue.lib.umich.edu/bitstream/2027.42/107880/1/citi-tr-04-1.pd

Cirrus, A Digtially Responsible Global FIlesystem

Cirrus is a distributed filesystem that uses an overlay network that extends the service domain of file servers to global scale without diminishing the quality of service. Cirrus, developed over many years, is operational today and is ready for testing and bench marking. Cirrus’ distributed shared memory implementation provides a fast and secure method of transporting all network traffic within the overlay network

Decentralized Access Control in Distributed File Systems

The Internet enables global sharing of data across organizational boundaries. Distributed file systems facilitate data sharing in the form of remote file access. However, traditional access control mechanisms used in distributed file systems are intended for machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizations. We provide a survey of decentralized access control mechanisms in distributed file systems intended for large scale, in both administrative domains and users. We identify essential properties of such access control mechanisms. We analyze both popular production and experimental distributed file systems in the context of our survey

SDS@hd – Scientific Data Storage

SDS@hd (Scientific Data Storage) is a central storage service for hot large-scale scientific data that can be used by researchers from all universities in Baden-Württemberg. It offers fast and secure file system storage capabilities to individuals or groups, e.g. in the context of cooperative projects. Fast data accesses are possible even in case of a high number of small files. User authentication and authorization are implemented in terms of the federated identity management in Baden-Württemberg allowing researchers to use their existing ID of their home institution transparently for this service. Data protection requirements can be fulfilled by data encryption and secure data transfer protocols. The service is operated by the computing center of Heidelberg University

Decentralized Access Control in Networked File Systems

The Internet enables global sharing of data across organizational boundaries. Traditional access control mechanisms are intended for one or a small number of machines under common administrative control, and rely on maintaining a centralized database of user identities. They fail to scale to a large user base distributed across multiple organizations. This survey provides a taxonomy of decentralized access control mechanisms intended for large scale, in both administrative domains and users. We identify essential properties of such access control mechanisms. We analyze popular networked file systems in the context of our taxonomy

Access control in semantic information systems

Access control has evolved in file systems. Early access control was limited and didn't handle identities. Access control then shifted to develop concepts such as identities. The next progression was the ability to take these identities and use lists to control what those identities can do. At this point we start to see more areas implementing access control such as web information systems. Web information systems has themselves started to raise the profile of semantic information. As semantic information systems start to expand new opportunities in access control become available to be explored. This dissertation introduces an experimental file system. The file system explores the concept of utilising metadata in a file system. The metadata is supported through the use of a database system. The introduction of the database enables the use of features such as views within the file system. Databases also provide a rich query language to utilise when nding information. The database aides the development of semantic meaning for the metadata stored. This provides greater meaning to the metadata and enables a platform for rethinking access contro

Identification of irregularities and allocation suggestion of relative file system permissions

It is well established that file system permissions in large, multi-user environments can be audited to identify vulnerabilities with respect to what is regarded as standard practice. For example, identifying that a user has an elevated level of access to a system directory which is unnecessary and introduces a vulnerability. Similarly, the allocation of new file system permissions can be assigned following the same standard practices. On the contrary, and less well established, is the identification of potential vulnerabilities as well as the implementation of new permissions with respect to a system's current access control implementation. Such tasks are heavily reliant on expert interpretation. For example, the assigned relationship between users and groups, directories and their parents, and the allocation of permissions on file system resources all need to be carefully considered. This paper presents the novel use of statistical analysis to establish independence and homogeneity in allocated file system permissions. This independence can be interpreted as potential anomalies in a system's implementation of access control. The paper then presents the use of instance-based learning to suggest the allocation of new permissions conforming to a system's current implementation structure. Following this, both of the presented techniques are then included in a tool for interacting with Microsoft's New Technology File System (NTFS) permissions. This involves experimental analysis on six different NTFS directory structures within different organisations. The effectiveness of the developed technique is then established through analysing the true positive and true negative values. The presented results demonstrate the potential of the proposed techniques for overcoming complexities with real-world file system administratio