Capability based Secure Access Control to Networked Storage Devices

San Diego, California, USA September 24-September 27

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/MSST.2007.6

24th IEEE Conference on Mass Storage ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Factor Articles by Dalit Naor Articles by Eran Rom Articles by Julian Satran Articles by Sivan Tal

	ASCII Text	x
	Michael Factor, Dalit Naor, Eran Rom, Julian Satran, Sivan Tal, "Capability based Secure Access Control to Networked Storage Devices," Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on, pp. 114-128, 24th IEEE Conference on Mass Storage Systems and Technologies (MSST 2007), 2007.

	BibTex	x
	@article{ 10.1109/MSST.2007.6, author = {Michael Factor and Dalit Naor and Eran Rom and Julian Satran and Sivan Tal}, title = {Capability based Secure Access Control to Networked Storage Devices}, journal ={Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-3025-7}, pages = {114-128}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSST.2007.6}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on TI - Capability based Secure Access Control to Networked Storage Devices SN - 0-7695-3025-7 SP114 EP128 A1 - Michael Factor, A1 - Dalit Naor, A1 - Eran Rom, A1 - Julian Satran, A1 - Sivan Tal, PY - 2007 KW - storage KW - security KW - access control KW - virtualization KW - networked storage KW - capability-based security protocol. VL - 0 JA - Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on ER -

Michael Factor, IBM Haifa Laboratory, Israel

Dalit Naor, IBM Haifa Laboratory, Israel

Eran Rom, IBM Haifa Laboratory, Israel

Julian Satran, IBM Haifa Laboratory, Israel

Sivan Tal, IBM Haifa Laboratory, Israel

Today, access control security for storage area networks (zoning and masking) is implemented by mechanisms that are inherently insecure, and are tied to the physical network components. However, what we want to secure is at a higher logical level independent of the transport network; raising security to a logical level simplifies management, provides a more natural fit to a virtualized infrastructure, and enables a finer grained access control. In this paper, we describe the problems with existing access control security solutions, and present our approach which leverages the OSD (Object-based Storage Device) security model to provide a logical, cryptographically secured, in-band access control for today?s existing devices. We then show how this model can easily be integrated into existing systems and demonstrate that this in-band security mechanism has negligible performance impact while simplifying management, providing a clean match to compute virtualization and enabling fine grained access control.

Index Terms:

storage, security, access control, virtualization, networked storage, capability-based security protocol.

Citation:

Michael Factor, Dalit Naor, Eran Rom, Julian Satran, Sivan Tal, "Capability based Secure Access Control to Networked Storage Devices," msst, pp.114-128, 24th IEEE Conference on Mass Storage Systems and Technologies (MSST 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.