Student/Institution: Craig Soules, Carnegie Mellon University
Scholarship Grant
Current Project Description: Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially compromised host operating systems. Within the window, system administrators have this valuable information for intrusion diagnosis and recovery. My contribution was in the design and implementation of the versioning file system used by the storage device. The system combines log-structuring with journal-based metadata to minimize the performance costs of comprehensive versioning. The publication on this was presented in the latest OSDI.
Current Status: Over the last year I have been working on two different projects in the area of operating systems. The first is self-securing storage, where my focus has been on creating a space-efficient versioning file system. The second is in collaboration with IBM Research on the K42 project, where my focus is on kernel-level object interposition.

The first project, self-securing storage, prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep old versions of data for a window of time, regardless of the commands received from potentially compromised host operating systems. Within the window, system administrators have this valuable information for intrusion diagnosis and recovery. My contribution was in the design and implementation of the versioning file system used by the storage device. The system combines log-structuring with journal-based metadata to minimize the performance costs of comprehensive versioning.

My recent focus has been on improving the space efficiency and performance of the versioning file system. To this end, I have incorporated a number of ideas first utilized by databases on temporal data structures. For example, by utilizing a variation on the B+tree for the directory structure, access times have been decreased by an order of magnitude. Also, space utilization of directory versioning has been decreased by two orders of magnitude due to the improved versioning mechanism. I also incorporated an initial differencing mechanism into the background cleaner of the file system to help further reduce the space used by file versions which have minimal changes. Although this differencing mechanism has not proven to be successful as of yet, we feel this is an aspect of the current implementation rather than an inherent problem. This additional functionality and the addition of a compression mechanism to assist the differencing are an area of continuing work.

I have also completed an analysis of the metadata versioning used by our system. My results indicate that the system can reduce the space utilization of the versioned metadata by approximately 4x in the case of files and file attributes, and over 100x in the case of directories. Additionally, performance of our system is comparable with that of other systems, although there are some performance penalties for accessing files and directories back-in-time. My work also addresses ways in which these back-in-time operations can be assisted by making slight trade-offs between back-in-time performance and space. I plan to submit this work to the upcoming OSDI conference.

The second project, kernel-level object interposition in K42, is focused on utilizing an object interposer to accomplish several useful tasks within the operating system which were not previously possible. K42 is an object-oriented microkernel designed to perform well in a multiprocessor environment. Although this work is just getting underway, I plan to design and implement an interposer which can insert functionality in front of an object's interface. This will allow for a number of interesting applications, including object hot-swapping (swapping components while they are in use), fault injection, insertion and removal of tracing and monitoring code during object use, and several others.
First posted: July 10, 1998 pc Last changed: 11 Dec 2001 jess