Security Requirements Analysis for Large-Scale Distributed File Systems

  • Syed Naqvi
  • Olivier Poitou
  • Philippe Massonet
  • Alvaro Arenas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4375)


This paper presents an analysis of security requirements of large-scale distributed file systems. Our objective is to identify their generic as well as specific security requirements and to propose potential solutions that can be employed to address these requirements. FileStamp – a multi-writer distributed file system developed at CETIC is considered as a case study for this analysis. This analysis yields that the existing range of security solutions can be employed to secure large-scale distributed file systems. However, they should be holistically employed to triumph over the security chinks in the FileStamp’s armor.


security services requirements analysis highly scalable systems distributed data management 


  1. 1.
    Dabek, F., Kaashoek, M., Karger, D., Morris, R., Stoica, I.: Wide-Area Cooperative Storage with CFS. In: Proceedings of 18th ACM Symposium on Operating Systems Principles (SOSP’01), chateau Lake Louise, Banff, Canada, October 2001, ACM, New York (2001)Google Scholar
  2. 2.
  3. 3.
    Rowstron, A., Druschel, P.: Pastry: Scalable, Distributed Object Location and Routing for Large-Scale Peer-to-Peer Systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–350. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Druschel, P., Rowstron, A.: Past: Persistent and Anonymous Storage in a Peer-to-Peer Networking Environment. In: Proceedings of the 8th IEEE Workshop on Hot Topics in Operating Systems (HotOS-VIII), pp. 65–70. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  5. 5.
    Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S.: Security for Grid Services. In: Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing (HPDC’03), IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  6. 6.
    Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. International Journal of High Performance Computing Application 15(3), 200–222 (2001)CrossRefGoogle Scholar
  7. 7.
    Foster, I., Kesselman, C., Pearlman, L., Tuecke, S., Welch, V.: The Community Authorization Service: Status and Future. In: Proceedings of Computing in High Energy Physics 03 (CHEP ’03), La Jolla, California, USA, March 24-28 (2003)Google Scholar
  8. 8.
    Allcock, W., et al.: GridFTP: Protocol extensions to FTP for the Grid, GGF Document Series GFD.20 (April 2003)Google Scholar
  9. 9.
    Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A Security Architecture for Computational Grids. ACM Conference Proceedings, pp. 83-92 (1998)Google Scholar
  10. 10.
    Rescorla, E.: Hyper Text Transfer Protocol (HTTP) over Transport Layer Security (TLS), Internet Engineering Task Force (IETF) draft RFC # 2818 (May 2000)Google Scholar
  11. 11.
    Chokhani, S.: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, Internet Engineering Task Force (IETF) draft RFC # 2527 (March 1999)Google Scholar
  12. 12.
    Thompson, M., Olson, D., Cowles, R., Mullen, S., Helm, M.: CA-based Trust Issues for Grid Authentication and Identity Delegation, Global Grid Forum (GGF) Certification Authority Operations Working Group Community Practices (Oct. 2002)Google Scholar
  13. 13.
    Garfinkel, S.: PGP: Pretty Good Privacy. O’Reilly & Associates, Sebastopol (1994)zbMATHGoogle Scholar
  14. 14.
    Barret, D., Silverman, R.: SSH: The Secure Shell. O’Reilly & Associates, Sebastopol (2001)Google Scholar
  15. 15.
    Ellison, C.: SPKI Requirements, IETF RFC 2692 (1999),
  16. 16.
    The Certification Authority of Belgian Grid Initiative,
  17. 17.
    Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A Community Authorization Service for Group Collaboration. In: Proceedings of the IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  18. 18.
    Ferraiolo, D., Cugini, J., Kuhn, D.: Role Based Access Control (RBAC): Features and Motivations. In: Proceedings of the 11th Computer Security Applications Conference, New Orleans, LA, USA, 11-15 December, pp. 241–248 (1995)Google Scholar
  19. 19.
    Foster, I., Kesselman, C.: Globus: A Metacomputing Infrastructure Toolkit. International Journal of Supercomputer Applications 11(2), 115–129 (1998)Google Scholar
  20. 20.
    VOMS Architecture v1.1 (May 2002),
  21. 21.
    Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., Essiari, A.: Certificate-based Access Control for Widely Distributed Resources. In: 8th Usenix Security Symposium (1999)Google Scholar
  22. 22.
    Chadwick, D., Otenko, A.: The PERMIS X.509 Role Based Privilege Management Infrastructure. In: 7th ACM Symposium on Access Control Models and Technologies, ACM Press, New York (2002)Google Scholar
  23. 23.
    National Institute of Standards and Technology, Secure Hash Standard. Federal Information Processing Standards Publication 180-1, April 17 (1995)Google Scholar
  24. 24.
    Olmedilla, D., Rana, O., Matthews, B., Nejdl, W.: Security and Trust Issues in Semantic Grids. Proceedings of Schloss Dagstuhl Seminar no. 05271: Semantic Grid: The Convergence of Technologies, Dagstuhl, Germany, July 03-08 (2005)Google Scholar
  25. 25.
    Czajkowski, K., Foster, I., Kesselman, C., Sander, V., Tuecke, S.: SNAP: A Protocol for Negotiating Service Level Agreements and Coordinating Resource Management in Distributed Systems. In: Feitelson, D.G., Rudolph, L., Schwiegelshohn, U. (eds.) JSSPP 2002. LNCS, vol. 2537, pp. 3–540. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  26. 26.
    Silicon Graphics Incorporate (SGI), SGI and Intel on the Grid – Unique Capabilities for Grid Computing, Whitepaper (2005)Google Scholar
  27. 27.
    Watson, R.: High Performance Storage System Scalability: Architecture, Implementation and Experience. In: Proceedings of 22nd IEEE / 13th NASA Goddard Conference on Mass Storage Systems and Technologies 2005, 11-14 April, pp. 145–159. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Syed Naqvi
    • 1
  • Olivier Poitou
    • 1
  • Philippe Massonet
    • 1
  • Alvaro Arenas
    • 2
  1. 1.Centre of Excellence in Information and Communication Technologies (CETIC)Belgium
  2. 2.CCLRC Rutherford Appleton LaboratoryUK

Personalised recommendations