An implementation of a secure version of NFS including RBAC

Paul Ashley; Bradley Broom; Mark Vandenwauver

doi:10.1007/3-540-48970-3_18

An implementation of a secure version of NFS including RBAC

Paul Ashley, Bradley Broom, Mark Vandenwauver

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular particularly in Unix networks where it is probably the most common distributed file system technology. NFS however is rarely used outside closed protected networks, because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security to NFS: a security flavour called RPCSEC_GSS based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that for the first time each NFS file access call could be protected. This paper outlines our efforts to secure NFS producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this to transparently access their remote files through secure NFS. There are also other advantages provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4 and the practicality and performance of this mechanism has been demonstrated by modifying the Linux kernel and NFS utilities.

Original language	English (US)
Title of host publication	Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings
Editors	Josef Pieprzyk, Rei Safavi-Naini, Jennifer Seberry
Publisher	Springer Verlag
Pages	213-227
Number of pages	15
ISBN (Print)	3540657568, 9783540657569
DOIs	https://doi.org/10.1007/3-540-48970-3_18
State	Published - 1999
Externally published	Yes
Event	4th Australasian Conference on Information Security and Privacy, ACISP 1999 - Wollongong, Australia Duration: Apr 7 1999 → Apr 9 1999

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	1587
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	4th Australasian Conference on Information Security and Privacy, ACISP 1999
Country/Territory	Australia
City	Wollongong
Period	4/7/99 → 4/9/99

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/3-540-48970-3_18

Cite this

Ashley, P., Broom, B., & Vandenwauver, M. (1999). An implementation of a secure version of NFS including RBAC. In J. Pieprzyk, R. Safavi-Naini, & J. Seberry (Eds.), Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings (pp. 213-227). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1587). Springer Verlag. https://doi.org/10.1007/3-540-48970-3_18

An implementation of a secure version of NFS including RBAC. / Ashley, Paul; Broom, Bradley; Vandenwauver, Mark.
Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings. ed. / Josef Pieprzyk; Rei Safavi-Naini; Jennifer Seberry. Springer Verlag, 1999. p. 213-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 1587).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ashley, P, Broom, B & Vandenwauver, M 1999, An implementation of a secure version of NFS including RBAC. in J Pieprzyk, R Safavi-Naini & J Seberry (eds), Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 1587, Springer Verlag, pp. 213-227, 4th Australasian Conference on Information Security and Privacy, ACISP 1999, Wollongong, Australia, 4/7/99. https://doi.org/10.1007/3-540-48970-3_18

Ashley P, Broom B, Vandenwauver M. An implementation of a secure version of NFS including RBAC. In Pieprzyk J, Safavi-Naini R, Seberry J, editors, Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings. Springer Verlag. 1999. p. 213-227. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/3-540-48970-3_18

Ashley, Paul ; Broom, Bradley ; Vandenwauver, Mark. / An implementation of a secure version of NFS including RBAC. Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings. editor / Josef Pieprzyk ; Rei Safavi-Naini ; Jennifer Seberry. Springer Verlag, 1999. pp. 213-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{55ca887e51514e9a90f64a9f02ef6084,

title = "An implementation of a secure version of NFS including RBAC",

abstract = "The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular particularly in Unix networks where it is probably the most common distributed file system technology. NFS however is rarely used outside closed protected networks, because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security to NFS: a security flavour called RPCSEC_GSS based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that for the first time each NFS file access call could be protected. This paper outlines our efforts to secure NFS producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this to transparently access their remote files through secure NFS. There are also other advantages provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4 and the practicality and performance of this mechanism has been demonstrated by modifying the Linux kernel and NFS utilities.",

author = "Paul Ashley and Bradley Broom and Mark Vandenwauver",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 1999.; 4th Australasian Conference on Information Security and Privacy, ACISP 1999 ; Conference date: 07-04-1999 Through 09-04-1999",

year = "1999",

doi = "10.1007/3-540-48970-3_18",

language = "English (US)",

isbn = "3540657568",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "213--227",

editor = "Josef Pieprzyk and Rei Safavi-Naini and Jennifer Seberry",

booktitle = "Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings",

}

TY - GEN

T1 - An implementation of a secure version of NFS including RBAC

AU - Ashley, Paul

AU - Broom, Bradley

AU - Vandenwauver, Mark

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 1999.

PY - 1999

Y1 - 1999

N2 - The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular particularly in Unix networks where it is probably the most common distributed file system technology. NFS however is rarely used outside closed protected networks, because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security to NFS: a security flavour called RPCSEC_GSS based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that for the first time each NFS file access call could be protected. This paper outlines our efforts to secure NFS producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this to transparently access their remote files through secure NFS. There are also other advantages provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4 and the practicality and performance of this mechanism has been demonstrated by modifying the Linux kernel and NFS utilities.

AB - The NFS protocol provides transparent remote access to shared file systems across networks. It is very popular particularly in Unix networks where it is probably the most common distributed file system technology. NFS however is rarely used outside closed protected networks, because its security is notoriously weak. In 1998 Sun Microsystems released what is considered the first attempt at providing comprehensive security to NFS: a security flavour called RPCSEC_GSS based on Kerberos V5 and the GSS-API. The main benefit of this version over previous versions is that for the first time each NFS file access call could be protected. This paper outlines our efforts to secure NFS producing a security solution with even greater functionality. The major new functionality is that users may optionally use an access control system based on role based access control (RBAC). RBAC allows users to log in, be provided with a role, and use this to transparently access their remote files through secure NFS. There are also other advantages provided, for example security for the mount protocol and the option of public-key technology for authentication and key distribution. NFS has been secured with SESAME V4 and the practicality and performance of this mechanism has been demonstrated by modifying the Linux kernel and NFS utilities.

UR - http://www.scopus.com/inward/record.url?scp=84961292693&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84961292693&partnerID=8YFLogxK

U2 - 10.1007/3-540-48970-3_18

DO - 10.1007/3-540-48970-3_18

M3 - Conference contribution

AN - SCOPUS:84961292693

SN - 3540657568

SN - 9783540657569

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 213

EP - 227

BT - Information Security and Privacy - 4th Australasian Conference, ACISP 1999, Proceedings

A2 - Pieprzyk, Josef

A2 - Safavi-Naini, Rei

A2 - Seberry, Jennifer

PB - Springer Verlag

T2 - 4th Australasian Conference on Information Security and Privacy, ACISP 1999

Y2 - 7 April 1999 through 9 April 1999

ER -

An implementation of a secure version of NFS including RBAC

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this