implementing network file system policies with filewall stephen smaldone, aniruddha bohra, and liviu...
Post on 21-Dec-2015
218 views
TRANSCRIPT
![Page 1: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/1.jpg)
Implementing Network File System Policies with FileWall
Implementing Network File System Policies with FileWall
Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode{smaldone,bohra,iftode}@cs.rutgers.edu
Department of Computer Science
Rutgers University
![Page 2: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/2.jpg)
2
File System EvolutionFile System Evolution
• Single user (desktop) FS to shared infrastructures– Centrally managed
– 24/7
– Shared access
– High maintenance requirements
– Interoperability: standards
• Unprecedented growth– Size of storage infrastructures
• Today - Tera• Tomorrow - Peta, Exa, ???
• User density: user consolidation• Data sources
– File sharing, document management, email, IM, VOIP
![Page 3: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/3.jpg)
3
File System Management ProblemsFile System Management Problems
• Monitoring:– Minimal built-in support for statistical monitoring (e.g., nfsstat)– Administrators required to gather data from many sources
• Access control:– Access control maintained per file at the discretion of the owner– Administrators must enforce access control to shared resources despite
ignorant non-malicious users
• Maintenance:– Patching newly exposed bugs in the file system– Debugging, testing, and deployment of new code– Administrator error impact much larger
• Evolution:– New functionality cannot be introduced without code extensions
![Page 4: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/4.jpg)
4
File System Management ProblemsFile System Management Problems
• Monitoring:– Minimal built-in support for statistical monitoring (e.g., nfsstat)– Administrators required to gather data from many sources
• Access control:– Access control maintained per file at the discretion of the owner– Administrators must enforce access control to shared resources despite
ignorant non-malicious users
• Maintenance:– Patching newly exposed bugs in the file system– Debugging, testing, and deployment of new code– Administrator error impact much larger
• Evolution:– New functionality cannot be introduced without code extensions
Management tools have not evolved to match administrator needsManagement tools have not evolved to match administrator needs
![Page 5: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/5.jpg)
5
Policy vs. Data AccessPolicy vs. Data Access
• Data Access:– Evolves independently– Performance enhancement– Protocol optimization– Acceptable to most
• Policy:– Evolves due to functionality requirements– Difficult to specify and reason about– Administration requirements differ between installations and
must be implemented independent of user requirements
![Page 6: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/6.jpg)
6
Policy vs. Data AccessPolicy vs. Data Access
• Data Access:– Evolves independently– Performance enhancement– Protocol optimization– Acceptable to most
• Policy:– Evolves due to functionality requirements– Difficult to specify and reason about– Administration requirements differ between installations and
must be implemented independent of user requirements
File systems implement a minimal set of management functionality
File systems implement a minimal set of management functionality
![Page 7: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/7.jpg)
7
Monitoring Policy : ExampleMonitoring Policy : Example
![Page 8: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/8.jpg)
8
Monitoring Policy : ExampleMonitoring Policy : Example
![Page 9: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/9.jpg)
9
Monitoring Policy : ExampleMonitoring Policy : Example
![Page 10: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/10.jpg)
10
Monitoring Policy : ExampleMonitoring Policy : Example
![Page 11: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/11.jpg)
11
Monitoring Policy : ExampleMonitoring Policy : Example
![Page 12: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/12.jpg)
12
Our GoalOur Goal
We propose a novel approach to implement network file system policies externally, without modifying the client or server, by transforming
messages flowing between them.
![Page 13: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/13.jpg)
13
Network File SystemsNetwork File Systems
FS_OP
NFS_REQ() NFS_REQ
RPC
Transport
read()
NFS_OP()
NFS_RSP
RPC
Transport
![Page 14: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/14.jpg)
14
ObservationsObservations
• All file system access are performed through messages– Message transformations can be used to enforce policies– File system state can be constructed using information
contained in messages
• All state relevant to file system accesses is available in messages– Policies can use file attributes contained in messages in policy
evaluation– Statistical information can also be used
![Page 15: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/15.jpg)
15
FileWall ModelFileWall Model
FS_OP
NFS_READ() NFS_REQ
RPC
Transport
FS_OP
NFS_READ()
NFS_RSP
RPC
Transport
NFS_REQ
RPC
Transport
NFS_RSP
RPC
Transport
![Page 16: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/16.jpg)
16
Monitoring Policy: RevisitedMonitoring Policy: Revisited
![Page 17: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/17.jpg)
17
Monitoring Policy: RevisitedMonitoring Policy: Revisited
![Page 18: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/18.jpg)
18
Monitoring Policy: RevisitedMonitoring Policy: Revisited
![Page 19: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/19.jpg)
19
Monitoring Policy: RevisitedMonitoring Policy: Revisited
FileWall enables the separation of concerns of network aware policy enforcement and the file systems
FileWall enables the separation of concerns of network aware policy enforcement and the file systems
![Page 20: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/20.jpg)
20
OutlineOutline
• Motivation• Design• Implementation• Evaluation• Related Work• Conclusions
![Page 21: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/21.jpg)
21
Design GuidelinesDesign Guidelines
• Specification– Ease of specify and reason about policies
• Protocol semantics– Message reordering and aggregation– Retransmissions and lost bytes
• Performance– In critical path cannot have large delays
• Fault tolerance and availability– Cannot maintain “hard-state”– Limited access to stable storage
![Page 22: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/22.jpg)
22
FileWall Design OverviewFileWall Design Overview
• Specification– Policies specified using macro-like language– Message transformation
• State Maintenance (Access Context)– Local policy state and global environment– Read-only state specified by the administrator– State generated and stored by policies during execution– Time, available disk space, CPU load, etc.
• Execution– Policy scheduling and execution– Logging and debugging
![Page 23: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/23.jpg)
23
FileWall ArchitectureFileWall Architecture
FS Client File ServerFileWall Engine
AccessContext Policies
FileWall
M M’
RR’
![Page 24: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/24.jpg)
24
FileWall PoliciesFileWall Policies
• Transform messages (requests and replies)– REQ handler– RSP handler
• Use:– File attributes contained in messages– Access context
![Page 25: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/25.jpg)
25
FileWall Policy ExampleFileWall Policy Example
• Policy: “Show files accessed today”• For each client-visible file:
– Access Time = TODAY
• Transform directory listing messages– READDIR and READDIRPLUS
![Page 26: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/26.jpg)
26
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
![Page 27: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/27.jpg)
27
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIR
![Page 28: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/28.jpg)
28
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIR
![Page 29: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/29.jpg)
29
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIR
![Page 30: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/30.jpg)
30
FileWall Policy ExampleFileWall Policy Example
READDIRPLUS
FileWall Engine
AccessContext Policies
FileWall
READDIR
![Page 31: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/31.jpg)
31
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIRPLUS
![Page 32: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/32.jpg)
32
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIRPLUS
![Page 33: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/33.jpg)
33
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIRPLUS
![Page 34: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/34.jpg)
34
FileWall Policy ExampleFileWall Policy Example
FileWall Engine
AccessContext Policies
FileWall
READDIRPLUSREADDIR
![Page 35: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/35.jpg)
35
Policy ChainsPolicy Chains
• Defined by administrator– Lists policies in order of request processing
• Scheduler– Determines policy execution schedule
• Fowarder– Forwards messages between policies– Determines next policy in chain as a message flows along the
policy chain– Discards messages
• Default Policies– RECV Policy (start), SEND Policy (end)
![Page 36: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/36.jpg)
36
Policy ChainsPolicy Chains
![Page 37: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/37.jpg)
37
OutlineOutline
• Motivation• Design• Implementation• Evaluation• Related Work• Conclusions
![Page 38: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/38.jpg)
38
ImplementationImplementation
• FileWall– Click Modular Router– NFS over UDP
• Unmodified Linux NFS client and server• Policies
– Statistics monitoring policy– Temporal Access Control– File Handle Security– Client Transparent Failover
![Page 39: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/39.jpg)
39
OutlineOutline
• Motivation• Design• Implementation• Evaluation• Related Work• Conclusions
![Page 40: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/40.jpg)
40
Fstress Performance (2.4 GHz Server)Fstress Performance (2.4 GHz Server)
![Page 41: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/41.jpg)
41
Interposition OverheadsInterposition Overheads
![Page 42: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/42.jpg)
42
Varying Network DelayVarying Network Delay
![Page 43: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/43.jpg)
43
Fstress Performance (Overloaded Server)Fstress Performance (Overloaded Server)
![Page 44: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/44.jpg)
44
ScalabilityScalability
![Page 45: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/45.jpg)
45
Related WorkRelated Work
• Distributed and Extensible File Systems:– FiST [Zadok ’00]– Interposed Request Routing [Anderson ’02]– SFS [Mazieres ’99]
• Extensible Policies:– SPIN [Sirer ’95]– VINO [Seltzer ’96]– Exokernel [Engler ’95]– Infokernel [Arpaci-Dusseau ’03]– LGI [Minsky ’00], [He ’05]
• Composable Network Processing:– Packet filters [Bos ’04]– x-kernel [Hutchinson ’91]– Scout [Montz ’94]– Click [Kohler ’00]
![Page 46: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/46.jpg)
46
Future WorkFuture Work
• High-Level Policy language– Constraints– Debugging and logging
![Page 47: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/47.jpg)
47
Future WorkFuture Work
• High-Level Policy language– Constraints– Debugging and logging
• User study– Real deployment– Behavior models
![Page 48: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/48.jpg)
48
Future WorkFuture Work
• High-Level Policy language– Constraints– Debugging and logging
• User study– Real deployment– Behavior models
• Data transformations– Censorship– Protocol translations
• NFS -> CIFS• Recipe-based file system (CASPER)• IP -> RDMA
– Video encoding– Content adaptation
![Page 49: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/49.jpg)
49
ConclusionsConclusions
• FileWall– Architecture, Design, and Implementation
• Policy enforcement through message transformation• Implementation of four real-world policies• Policy implementations are portable• Interposition overheads are low• Given sufficient resources, relative to an NFS server,
FileWall imposes minimal overheads
![Page 50: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/50.jpg)
50
AcknowlegementsAcknowlegements
• Fabio Picconi (Universite de Paris 6)• Cristian Ungureanu (NEC Labs)
![Page 51: Implementing Network File System Policies with FileWall Stephen Smaldone, Aniruddha Bohra, and Liviu Iftode {smaldone,bohra,iftode}@cs.rutgers.edu Department](https://reader036.vdocument.in/reader036/viewer/2022062516/56649d5e5503460f94a3d0cd/html5/thumbnails/51.jpg)
Thank YouThank You
Questions?