FRAC: Implementing Role-Based Access Control for Network File Systems

Cambridge, Massachusetts July 12-July 14

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/NCA.2007.25

Sixth IEEE International Symposium on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Aniruddha Bohra Articles by Stephen Smaldone Articles by Liviu Iftode

	ASCII Text	x
	Aniruddha Bohra, Stephen Smaldone, Liviu Iftode, "FRAC: Implementing Role-Based Access Control for Network File Systems," Network Computing and Applications, IEEE International Symposium on, pp. 95-104, Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007.

	BibTex	x
	@article{ 10.1109/NCA.2007.25, author = {Aniruddha Bohra and Stephen Smaldone and Liviu Iftode}, title = {FRAC: Implementing Role-Based Access Control for Network File Systems}, journal ={Network Computing and Applications, IEEE International Symposium on}, volume = {0}, year = {2007}, isbn = {0-7695-2922-4}, pages = {95-104}, doi = {http://doi.ieeecomputersociety.org/10.1109/NCA.2007.25}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Network Computing and Applications, IEEE International Symposium on TI - FRAC: Implementing Role-Based Access Control for Network File Systems SN - 0-7695-2922-4 SP95 EP104 A1 - Aniruddha Bohra, A1 - Stephen Smaldone, A1 - Liviu Iftode, PY - 2007 KW - null VL - 0 JA - Network Computing and Applications, IEEE International Symposium on ER -

Aniruddha Bohra, Rutgers University, USA

Stephen Smaldone, Rutgers University, USA

Liviu Iftode, Rutgers University, USA

We present FRAC, a Framework for Role-based Access Control in network file systems. FRAC is a reference monitor that controls the message flow between file system clients and servers. FRAC supports role hierarchies, user sessions, and static and dynamic separation of duty constraints. It also allows administrators to define dynamic policies based on access history and the environment, e.g., time of day.

FRAC introduces a virtual control namespace (VCN) that provides an interface to query and update the state of the access control framework over the standard file system protocol. This namespace eliminates the need for executing specialized user agents either at the client or at the server. Therefore, FRAC does not require any modification to either the file system client or the file server. We have implemented FRAC for the widely deployed NFS protocol using FileWall, a file system proxy previously developed by us. Our experimental evaluation shows that FRAC imposes minimal overheads for the common file system operations.

Citation:

Aniruddha Bohra, Stephen Smaldone, Liviu Iftode, "FRAC: Implementing Role-Based Access Control for Network File Systems," nca, pp.95-104, Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.