FileWall: A Firewall for Network File Systems
Smaldone, S.; Bohra, A.; Iftode, L.
Dependable, Autonomic and Secure Computing, 2007. DASC 2007. Third IEEE International Symposium on
25-26 Sept. 2007, Page(s): 153-162
Digital Object Identifier 10.1109/DASC.2007.27
Summary: Access control in network file systems relies on primitive mechanisms like access control lists and permission bits, which are not enough when operating in a hostile network environment. Network middleboxes, e.g., firewalls, completely ignore file system semantics when defining policies. Therefore, implementing simple context-aware access policies requires modifications to file servers and/or clients, which is impractical. We present FileWall, a network middlebox that allows administrators to define context-aware access policies for file systems using both the network context and the file system context. FileWall interposes on the client-server network path and implements administrator-defined policies through message transformation without modifying either clients or servers. In this paper, we present the design and implementation of FileWall for the NFS protocol. Our evaluation demonstrates that FileWall imposes minimal overheads for common file system operations, even under heavy loads.