A Tag-Based, Logical Access-Control Framework for Personal File Sharing

Mazurek, Michelle L.

01 May 2014

People store and share ever-increasing numbers of digital documents, photos, and other files, both on personal devices and within online services. In this environment, proper access control is critical to help users obtain the benefits of sharing varied content with different groups of people while avoiding trouble at work, embarrassment, identity theft, and other problems related to unintended disclosure. Current approaches often fail, either because they insufficiently protect data or because they confuse users about policy specification. Historically, correctly managing access control has proven difficult, timeconsuming, and error-prone, even for experts; to make matters worse, access control remains a secondary task most non-experts are unwilling to spend significant time on. To solve this problem, access control for file-sharing tools and services should provide verifiable security, make policy configuration and management simple and understandable for users, reduce the risk of user error, and minimize the required user effort. This thesis presents three user studies that provide insight into people’s access-control needs and preferences. Drawing on the results of these studies, I present Penumbra, a prototype distributed file system that combines semantic, tag-based policy specification with logicbased access control, flexibly supporting intuitive policies while providing high assurance of correctness. Penumbra is evaluated using a set of detailed, realistic case studies drawn from the presented user studies. Using microbenchmarks and traces generated from the case studies, Penumbra can enforce users’ policies with overhead less than 5% for most system calls. Finally, I present lessons learned, which can inform the further development of usable access-control mechanisms both for sharing files and in the broader context of personal data.

access control

file systems

usability

Decorating Asterisk : experiments in service creation for a multi-protocol telephony environment using open source tools

Hitchcock, Jonathan

January 2006

As Voice over IP becomes more prevalent, value-adds to the service will become ubiquitous. Voice over IP (VoIP) is no longer a single service application, but an array of marketable services of increasing depth, which are moving into the non-desktop market. In addition, as the range of devices being generally used increases, it will become necessary for all services, including VoIP services, to be accessible from multiple platforms and through varied interfaces. With the recent introduction and growth of the open source software PBX system named Asterisk, the possibility of achieving these goals has become more concrete. In addition to Asterisk, a number of open source systems are being developed which facilitate the development of systems that interoperate over a wide variety of platforms and through multiple interfaces. This thesis investigates Asterisk in terms of its viability to provide the depth of services that will be required in a VoIP environment, as well as a number of other open source systems in terms of what they can offer such a system. In addition, it investigates whether these services can be made available on different devices. Using various systems built as a proof-of-concept, this thesis shows that Asterisk, in conjunction with various other open source projects, such as the Twisted framework provides a concrete tool which can be used to realise flexible and protocol independent telephony solutions for a small to medium enterprise.

Asterisk (Computer file)

Internet telephony

Extensibility in ORDBMS databases : an exploration of the data cartridge mechanism in Oracle9i

Ndakunda, Tulimevava Kaunapawa

18 June 2013

To support current and emerging database applications, Object-Relational Database Management Systems (ORDBMS) provide mechanisms to extend the data storage capabilities and the functionality of the database with application-specific types and methods. Using these mechanisms, the database may contain user-defined data types, large objects (LOBs), external procedures, extensible indexing, query optimisation techniques and other features that are treated in the same way as built-in database features . The many extensibility options provided by the ORDBMS, however, raise several implementation challenges that are not always obvious. This thesis examines a few of the key challenges that arise when extending Oracle database with new functionality. To realise the potential of extensibility in Oracle, the thesis used the problem area of image retrieval as the main test domain. Current research efforts in image retrieval are lagging behind the required retrieval, but are continuously improving. As better retrieval techniques become available, it is important that they are integrated into the available database systems to facilitate improved retrieval. The thesis also reports on the practical experiences gained from integrating an extensible indexing scenario. Sample scenarios are integrated in Oracle9i database using the data cartridge mechanism, which allows Oracle database functionality to be extended with new functional components. The integration demonstrates how additional functionality may be effectively applied to both general and specialised domains in the database. It also reveals alternative design options that allow data cartridge developers, most of who are not database server experts, to extend the database. The thesis is concluded with some of the key observations and options that designers must consider when extending the database with new functionality. The main challenges for developers are the learning curve required to understand the data cartridge framework and the ability to adapt already developed code within the constraints of the data cartridge using the provided extensibility APls. Maximum reusability relies on making good choices for the basic functions, out of which specialised functions can be built. / KMBT_363 / Adobe Acrobat 9.54 Paper Capture Plug-in

Database management

Oracle (Computer file)

Backup, recovery and archiving of files in a multi-access computing system

Wight, Alexander Sinclair

January 1974

General-purpose multi-access computing systems with files stored on random-access devices require that these files be protected. If the total on-line storage is inadequate there is a need for wellorganized off-line storage. This thesis discusses the management problems involved in handling backup and archive copies of files. In Part I we review what a number of systems, including the Edinburgh Multi-Access System (EMAS), have achieved. We also consider the influences of hardware and other forms of computing system. In Part II we return to EMAS and propose a design and an implementation to provide comprehensive facilities, for backup copies of files and recovery of them, and also for archive storage.

005.3

Security Without Cost : A Cryptographic Log-structured File System / Säkerhet utan kostnad : Ett kryptografiskt log-strukturerat filsystem

Knutsson, Karl

January 2002

Historically, cryptographic file systems have been several times slower than non-cryptographic file systems. This paper describes the design and implementation of a fast Cryptographic Log-structured File System on OpenBSD. We experimentally demonstrate that our pro-totype file system performs close to the Fast File System (FFS) and the Log-structured File System (LFS). To increase performance, our file system performs most encryption and decryption work during disk read and write operations. This is possible thanks to the SEAL encryption algorithm, a software optimized stream cipher that allows the en-cryption work to be performed prior to the actual data is available. We believe that our cryptographic file system design is ideal for optimal read and write performance on locally stored confidential data. / Denna uppsats beskriver utvecklingen av ett kryptografiskt log-strukturerat filsystem och vi visar genom experiment att dess prestanda är jämförbar med lokala filsystem. / Karl Knutsson Skiftesgatan 40 332 35 Gislaved Sweden

File System

Secure File Storage

Log-structured File System

Cryptography

Computer Sciences

Datavetenskap (datalogi)

Monitor and manage system and application configuration files at kernel level in GNU/Linux

Stanković, Saša

January 2015

The aim of this study is to investigate if there is a way a computer can accurately and automatically react on altered configuration file(s) with a minimum of resource utilization and by what means the developer(s) of an application can perform a check of the altered configuration file for their application. In a typical GNU/Linux installation the configuration files are literally counted by the thousands, monitoring these files is a task that for the most part exceeds any system administrator's abilities. Each file has its own syntax that needs to be known by the administrator. Either one of these two tasks could give any system administrator nightmares concerning the difficulty level especially when both tasks are combined. The system administrator could attempt to automate the monitoring tasks together with the syntax checking. There are some tools in the repositories of each distribution for monitoring files but none that lets one monitor and take (predefined or user defined) actions based on what the file monitor reports, the type of file and its contents. A complete tool is not presented in this study, merely a proof of concept that monitoring and taking actions especially with version 2.6.13 (or newer) kernel of GNU/Linux with plugins are quite possible with relatively small computer resource. During this study some questions arose that are worth taking into consideration when a complete monitoring tool is to be developed, amongst others they are: add a trusted user, add both textual and graphical user interface, monitor more than one file path. This study was performed on GNU/Linux CentOS 6 distribution, all programming was done in BASH with an effort to minimize used/installed programs.

proof of concept

configuration file

linux

file monitor

file syntax

file grammar

undelete

version

versioning

file restore

plugin

Computer and Information Sciences

Data- och informationsvetenskap

Extreme scale data management in high performance computing

Lofstead, Gerald Fredrick

15 November 2010

Extreme scale data management in high performance computing requires consideration of the end-to-end scientific workflow process. Of particular importance for runtime performance, the write-read cycle must be addressed as a complete unit. Any optimization made to enhance writing performance must consider the subsequent impact on reading performance. Only by addressing the full write-read cycle can scientific productivity be enhanced. The ADIOS middleware developed as part of this thesis provides an API nearly as simple as the standard POSIX interface, but with the flexibilty to choose what transport mechanism(s) to employ at or during runtime. The accompanying BP file format is designed for high performance parallel output with limited coordination overheads while incorporating features to accelerate subsequent use of the output for reading operations. This pair of optimizations of the output mechanism and the output format are done such that they either do not negatively impact or greatly improve subsequent reading performance when compared to popular self-describing file formats. This end-to-end advantage of the ADIOS architecture is further enhanced through techniques to better enable asychronous data transports affording the incorporation of 'in flight' data processing operations and pseudo-transport mechanisms that can trigger workflows or other operations.

Adaptive

File systems

HPC

IO

Storage

File organization (Computer science)

Type- and Workload-Aware Scheduling of Large-Scale Wide-Area Data Transfers

Kettimuthu, Rajkumar

02 October 2015

No description available.

Computer Science

Porting the UCSD p-system to UNIX

Qualls, Carlos Lynn

January 2010

Typescript (photocopy). / Digitized by Kansas Correctional Industries

UCSD p-System

UNIX (Computer file)

INTEROPERABILITY TESTING OF THE CCSDS FILE DELIVERY PROTOCOL

Carper, Richard D.

10 1900

International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / The CCSDS recently developed the CCSDS File Delivery Protocol which can operate in configurations from simple point-to-point space/ground systems to complex arrangements of orbiters, landers, relaying spacecraft, and multiple ground facilities. An international interoperability test program has been developed in support of the development and fielding of the protocol. The first phase was successfully completed in the Fall of 2002. The second phase is to be completed about the time of the presentation of this paper. First phase testing involved five independent implementations of the Core Procedures of the protocol. Since these Procedures are for point-to-point file transfers, only two protocol “entities” were involved in each executed test. The second phase tests other Procedures, which involve multi-hop transferring of files. This phase will involve two separate, independent implementations, with one implementation being hosted on multiple hardware/OS platforms. Each test will involve three or more entities.

File Delivery Protocol

CSDS

interoperability testing