jvpfs adding robustness to a secure stacked file system
play

jVPFS: Adding Robustness to a Secure Stacked File System with - PowerPoint PPT Presentation

Oct 10, 2023 •206 likes •429 views

Department of Computer Science Institute of Systems Architecture, Operating Systems Group jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components Carsten Weinhold, Hermann Hrtig INTRODUCTION

  1. Department of Computer Science Institute of Systems Architecture, Operating Systems Group jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components Carsten Weinhold, Hermann Härtig

  2. INTRODUCTION Confidentiality, Integrity, Availability VPN: Secure Net Secure Net Internet TU Dresden jVPFS 2

  3. INTRODUCTION VPFS: Confidentiality, Integrity, Availability TCB App Linux Kernel 4,600 SLOC Secure Commodity File System File System 50,000+ SLOC Microkernel / Micro ! Hypervisor [1] Weinhold, Härtig: „ VPFS: Building a Virtual Private File System With a Small Trusted Computing Base“ , EuroSys’08 TU Dresden jVPFS 2

  4. INTRODUCTION VPFS: Confidentiality, Integrity, Availability Secure File System Secure File System Proxy Commodity File System [1] Weinhold, Härtig: „ VPFS: Building a Virtual Private File System With a Small Trusted Computing Base“ , EuroSys’08 TU Dresden jVPFS 2

  5. OUTLINE ■ Introduction ■ VPFS: V irtual P rivate F ile S ystem ■ j VPFS: Adding robustness securely ■ Evaluation ■ Lessons learned TU Dresden jVPFS 3

  6. VPFS STACK Secure File System Secure File System Proxy Commodity File System TU Dresden jVPFS 4

  7. FILES & FILE CONTAINERS Virtual Private File System (TCB) H M M M H H H D D D D D Reused Commodity File System (Untrusted) ■ Encrypted files in commodity file system ■ Merkle hash tree to detect tampering TU Dresden jVPFS 5

  8. UPDATING HASH TREE H M M M H H H D D D D D ■ High overhead: many writes + crypto ops ■ Hash tree updates must be atomic TU Dresden jVPFS 6

  9. CONSISTENCY PROBLEM ■ File ! system consistency is complex problem: ■ Correct implementation is difficult [2,3] ■ Bugs often in corner cases, error checking [4] ■ Widely used file systems affected, too ■ Goal: keep complexity out of the TCB [2] Yang et al.: „Using Model Checking to Find Serious File System Errors“ , ACM TOCS Vol.24 Issue 4, 2006 [3] Prabhakaran et al.: „Model ! Based Failure Analysis of Journaling File Systems“ , DSN’05 [4] Gunawi et al.: „EIO: Error Handling is Occasionally Correct“ , FAST’08 TU Dresden jVPFS 7

  10. HASH TREE + JOURNAL H M M M H H D D D H H H H ■ Record new hash sums in journal ■ Recovery: valid hash either in tree or journal TU Dresden jVPFS 8

  11. BLOCK WRITE BACK Security critical ■ Calculate hash + encrypt block ■ Put ciphertext + hash into shared ring buffer ■ Do ordered write to legacy file system ■ Append hash sums to journal ■ Write blocks afterwards ■ Optimizations Critical only for Availability TU Dresden jVPFS 9

  12. JOURNALING METADATA ■ Approach: log operations, not blocks ■ Code reuse: replay during recovery via API ■ Simple dependency tracking ■ Non ! intrusive implementation ■ Dependencies: ■ New files: inode, name, parent dir ■ Updated files: file size, hash sums ■ Unlinked / moved files: name, parent dir TU Dresden jVPFS 10

  13. TRACKING NEW FILES file table new ! file table fd p_fd p_inode name 0 File* 0 1 1 2 File* 2 1 0 „dir“ 3 File* 3 2 0 „file23“ 4 File* 4 2 113 „file42“ ... ... 511 511 Pathname elements to log: .../ dir/ file42 TU Dresden jVPFS 11

  14. JOURNAL CONTENT H M M M H H M M H D D D File_create File_create Update_block Update_block Update_block „dir“ „file42“ H(block), H(block), H(block), file size file size file size TU Dresden jVPFS 12

  15. JOURNAL SECURITY ■ Confidentiality: Root ■ Filenames, inodes, etc.: encrypted Record Record ■ Block offset, type: plaintext Record MAC ■ Tamper detection: Record ■ Anchor of journal in „Sealed Memory“ MAC Record ■ Journal is continuously MAC’d Record MAC ■ Record groups: ■ All records between two MACs TU Dresden jVPFS 13

  16. RECOVERY PROCEDURE Root Critical only for 1. Recover legacy file system Availability Record 2. Find complete record groups in journal Record 3. Restore pre-journal versions of metadata blocks Record MAC 4. Read root info (aka superblock) Record 5. Replay: MAC a) Get complete record groups Record b) Check integrity + decrypt Record c) Re-execute operations: MAC open(), unlink(), ... Record d) Repeat from a) Security critical Record TU Dresden jVPFS 14

  17. COOPERATION ■ Extensive Reuse: ■ Complete commodity file system ■ Existing consistency primitives: ■ Journaling, copy ! on ! write, ... ■ Write ordering, snapshots ■ More details in paper: ■ Checkpoints + journal truncation ■ Flushing metadata blocks TU Dresden jVPFS 15

  18. SOURCE COMPLEXITY SLOC OC Subsystem ReiserFS Ext4 jVPFS Journal + replay ~3,200 ~5,000 325 Basic persistency 404 16,500+ 16,500+ 24,000+ 24,000+ Core functionality 2,444 Crypto algorithms 667 TU Dresden jVPFS 16

  19. TESTING RECOVERY ■ Testcase for recovery: ■ Unpack tar archive (3,000+ files, 70 MB) ■ Power ! cycle machine, interrupt write back ■ Recover jVPFS + try to open + read all files: ■ NILFS+Flash: successful ■ ReiserFS+HDD: successful ■ Example run: replay 1.2 MB journal in 5.1s ■ Restored: 2,710 files, 40 MB user data TU Dresden jVPFS 17

  20. PERFORMANCE 30s Native Linux 25s jVPFS, no journal jVPFS, journal 20s 15s 10s 5s 0s PM ! 2 PM ! 2 untar untar ReiserFS NILFS ReiserFS NILFS HDD Flash HDD Flash TU Dresden jVPFS 18

  21. LESSONS LEARNED ■ jVPFS: Less than 350 SLOC in TCB to make secure file system robust ■ Security ! critical core for journaling + replay: ■ Log API ! level operations, replay via API ■ Code reuse, simple dependency tracking ■ Move complexity to untrusted file system ■ Reuse existing consistency primitives TU Dresden jVPFS 19

Recommend

Disk Drives and Geometry File Systems: Performance & Robustness 11G. File System Performance

Disk Drives and Geometry File Systems: Performance & Robustness 11G. File System Performance

5/18/2018 Disk Drives and Geometry File Systems: Performance & Robustness 11G. File System Performance Spindle 10 heads 11H. File System Robustness 0 1 5 platters head 10 surfaces 11I. Check-sums positioning assembly 8 9 11J.

578 views • 9 slides
STACKED GRAPHS STACKED GRAPHS EVOLUTION OF STACKED GRAPHS Stacked Area Chart Themeriver

STACKED GRAPHS STACKED GRAPHS EVOLUTION OF STACKED GRAPHS Stacked Area Chart Themeriver

A. Thudt | J. Walny | C. Perin | F. Rajabiyazdi | L. MacDonald | R. Vardeleon | S. Greenberg | S. Carpendale ASSESSING THE READABILITY OF STACKED GRAPHS STACKED GRAPHS STACKED GRAPHS EVOLUTION OF STACKED GRAPHS Stacked Area Chart Themeriver

978 views • 51 slides
Investor Update TSX : SES | secure-energy.com SECURE ENERGY Overview Delivering value adding

Investor Update TSX : SES | secure-energy.com SECURE ENERGY Overview Delivering value adding

January 2020 Investor Update TSX : SES | secure-energy.com SECURE ENERGY Overview Delivering value adding midstream infrastructure solutions across 156.5 $792 Western Canada and the U.S. Common Shares Market Strategically located oil and

442 views • 22 slides
YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid cloud storage deployments. YFS 1.0 is not a hardware appliance. Backward compatible with IBM AFS 3.6 and OpenAFS. No flag day required

359 views • 16 slides
Beyond the Pixels: Exploring the Effect of Video File Corruptions on Model Robustness Trenton

Beyond the Pixels: Exploring the Effect of Video File Corruptions on Model Robustness Trenton

Beyond the Pixels: Exploring the Effect of Video File Corruptions on Model Robustness Trenton Chang Daniel Y. Fu Yixuan Li Christopher R Stanford University Workshop on Adversarial Robustness in the Real World, ECCV 2020

280 views • 13 slides
Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation

Chapter 12: File System Implementation File System Structure File System Implementation Directory Implementation Allocation Methods Free-Space Management Efficiency and Performance Recovery Log-Structured File Systems

492 views • 47 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

341 views • 33 slides
Secure, Fast, Easy and Comprehensive File Management System What is FileOrbis? FileOrbis is an

Secure, Fast, Easy and Comprehensive File Management System What is FileOrbis? FileOrbis is an

Secure, Fast, Easy and Comprehensive File Management System What is FileOrbis? FileOrbis is an on-premise file management system allowing you to: Access your files from everywhere , Manage authorizations and access to your files,

602 views • 27 slides
1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

Cryptography security Cryptography may be a component of a secure system Cryptographic Systems Adding cryptography may not make a Authentication & Communication system secure Protocols Paul Krzyzanowski Distributed Systems

753 views • 23 slides
File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System

File Systems Chapter 11, 13 OSPP What is a File? What is a Directory? Goals of File System Performance Controlled Sharing Convenience: naming Reliability File System Workload File sizes Are most files small or large?

996 views • 62 slides
CSE 120 File System Interface What the user/programmer sees File System Implementation

CSE 120 File System Interface What the user/programmer sees File System Implementation

Overview CSE 120 File System Interface What the user/programmer sees File System Implementation How it works Summer, 2006 Day 9 File Systems Instructor: Neil Rhodes 2 What is a File? Typical Filesystem Named collection of related

175 views • 5 slides
File System Implementation Summer 2016 Cornell University Today File allocation Unix

File System Implementation Summer 2016 Cornell University Today File allocation Unix

CS 4410 Operating Systems File System Implementation Summer 2016 Cornell University Today File allocation Unix file system Log-structured file system 2 File system: two design problems User interface: File, directory,

362 views • 21 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Windows File System Efficiency and Stability of a file system are contradicting requirements. How

Unit OS8: File System 8.6. Quiz Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Windows File System Efficiency and Stability of a file system are contradicting requirements. How can the

279 views • 11 slides
Matrix Robustness, with an Application to Power System Observability Matthias Brosemann Jochen

Matrix Robustness, with an Application to Power System Observability Matthias Brosemann Jochen

Power system observability Complexity of Matrix Robustness Algorithms for Matrix Robustness Experiments Matrix Robustness, with an Application to Power System Observability Matthias Brosemann Jochen Alber Falk H uffner Rolf Niedermeier

350 views • 31 slides
(Secure File Transfer Protocol) Demo/Training July 2014 GDOT SFTP Replaces existing GDOT

(Secure File Transfer Protocol) Demo/Training July 2014 GDOT SFTP Replaces existing GDOT

GDOT SFTP (Secure File Transfer Protocol) Demo/Training July 2014 GDOT SFTP Replaces existing GDOT File Exchange System More user friendly and less complicated Uses same GADOT Username and Password that you use for GDOT File

657 views • 12 slides
Derived Virtual Devices: A Secure Distributed File System Mechanism Rodney Van Meter, Steve Hotz

Derived Virtual Devices: A Secure Distributed File System Mechanism Rodney Van Meter, Steve Hotz

Derived Virtual Devices: A Secure Distributed File System Mechanism Rodney Van Meter, Steve Hotz and Gregory Finn USC/Information Sciences Institute {rdv,hotz,finn}@isi.edu Fifth NASA Goddard Space Flight Center Conference on Mass Storage

339 views • 16 slides
Distributed Systems - III Open a file, check status on a file, close a file; Read data

Distributed Systems - III Open a file, check status on a file, close a file; Read data

CSE 421/521 - Operating Systems What does Distributed File System Provide? Fall 2011 Provide access to and manipulation of data stored at remote servers using file system interfaces Lecture - XXV What are the file system interfaces?

236 views • 5 slides
File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk

File System Thierry Sans (recap) File System Abstraction File system specifics of which disk class it is using It issues block read/write requests to the generic block layer Provide an abstraction Goals Implement an abstraction (files) for

389 views • 37 slides
FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System

FILE SYSTEM IMPLEMENTATION Sunu Wibirama Outline File-System Structure File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion 11. Outline File-System Structure

516 views • 51 slides
Week 10: File Management What is a file? Elements of file management File

Week 10: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems Week 10: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

498 views • 13 slides
Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary

Speeding up file system checks in ext4 Theodore Ts'o Why File System Checks Are Necessary Software is not perfect Bugs in kernel (File system, VM, Device Driver code) Hardware is not perfect Disk errors Memory errors File

613 views • 24 slides
Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure

Chapter 11: File-System Interface File Concept Access Methods Directory Structure File System Mounting File Sharing Protection Operating System Concepts Silberschatz, Galvin and Gagne 2002 11.1 File Concept

387 views • 15 slides
File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system

CS 4410 Operating Systems File-System: Implementation Summer 2013 Cornell University 1 Today How is the file system implemented? Layered file system Directory implementation Allocation methods Free-space management 2

453 views • 18 slides

More recommend