Permission management in distributed file systems

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

Todays online, distributed data sharing methods mainly based on the concept of Access Control List (ACL) - there is a central entity, usually the operating system (OS) who enforces the permissions in ACL. This is simple and fast, however problematic.

Firstly, if the OS is hacked, the hacker can access every file in contempt of the ACL.

Secondly, the administrators of the OS can access the users' private files. The other way of online distributed file-sharing are the cryptographical file-systems: every file encrypted and signed before uploaded to the

server. In these systems there is no problem with hackers or the curiosity of the administrators, because

every file is encrypted, providing confidentiality, and signed, providing the possibility of detecting unauthorized modification.

On the other hand, the permission handling is problematic, because handling encryption and signature keys in dynamically changing

environment, like file systems, are a non-trivial issue - some users might be granted permissions, while others' permissions have to be revoked. This paper describe how to efficiently handle read and write permissions on distributed, untrusted storage system with dynamically changing permissions and user groups.


Please sign in to download the files of this thesis.