Your SlideShare is downloading. ×
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Integrity and Security in Filesystems
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Integrity and Security in Filesystems

232

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
232
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Security and Integrity in Linux Filesystems. Alejandro Sanchez Acosta asanchez@gnu.org
  • 2. Linux Introduction.
  • 3. Introduction.● Whats free software?● What is the Linux kernel?● A little story about the Linux kernel.● Architecture portability.● Linux maintainment.● General ideas.
  • 4. Filesystem Sources.
  • 5. Filesystem sources.● Fs/● Superblock, aio, acls, file, file_table, inode,attr, quota..● Binfmt*● Adfs, affs, afs, autofs, befs, bfs, coda,cramfs, ramfs, devfs, devpts, hfs, hpfs, qnx4,umsdos, vfat, xfs, jfs, isofs, hugetlbfs, minix,romfs, ....
  • 6. Filesystem Introduction.
  • 7. Filesystem Introduction.● Whats a Filesystem?● Management with VFS layer.● Proc fs.● Sysfs.● Relayfs.● Udev y hotplugging.
  • 8. Whats a Filesystem?● A place to storage data on disk.● Superblock.● Inodes.● Directory entries.● Files.
  • 9. Filesystem Form with VFS● Superblock and sb_ops.● Inode and inode_ops.● File and file_operations.● Register_filesystem● Mounting a filesystem● Accesing data filesystem via definedsyscalls.
  • 10. More Known Filesystems.● ext2/ext3● Jfs● Reiser3 y reiser4.● XFS● NTFS● UDF● Distributed filesystems: NFS, Coda, SMB,AFS.
  • 11. The future of filesystems.● More oriented-object or more oo.● Modularity via plugins.● Fasters searching data.● Encryption and compression support.● More robusted used algorithms.● Better storage.
  • 12. Reiserfs4 Overview.
  • 13. Basic semantics.● Files.● Names and objects.● Namespaces and interfaces.● Directories.● Security attributes.
  • 14. Trees concepts.● Set of nodes.● Fanout.● Finited and infinited trees.● Keys to identify objects.● Node structure.● Items structure.
  • 15. Trees design.● Height or space balanced.● B and b+ trees.● Htrees.● Positional trees.● Dancing trees.● Cache design.
  • 16. Nodes.● Identified by a key.● Formatted and unformatted.● Leaf and twig nodes.● Items: nodes collection to storage data.● Units: data that we put in the whole item.
  • 17. Storing Data.● Graphs and dancing trees.● Separate layers: semantic and storage.● BLOBs and extents.
  • 18. Atomic filesystem● Brief history about fs crashing.● Filesystem checkers.● Reducing the damage with atomic op.● Journaled location.● Commiting allocation.
  • 19. Repacker.● 80% remain unchanged on disk.● Ordering the tree.● Sort the tree and pack perfectly.● Eliminates posible fragmentation.
  • 20. Journaling.● Location on disk: journal/log.● Commited area.● Problem: twice write data.● Metadata journaling.● Solution: Wandering logging.● Commiting and transactional layer.● Copy-on-capture and steal-on-capture.
  • 21. Distributed Filesystem.
  • 22. WAFL.● Distributed Filesystem● Used in network appliances.● Snapshots.● Copy-on-write.● Large files, NFS, high performance and aquickly restart.
  • 23. Plugins design.● File, directory and hash.● Security.● Item● Key assignment.● Node and item search.● Still not dinamically loaded.
  • 24. Reiser future.● Cryptography and compression.● Quotas support.● Dynamic plugins.● Distributed filesystem.● Encryption on commit.
  • 25. Seguridad en sistemas de ficheros.
  • 26. Basic Polices.● Credentials.● Capabilities.● ACLs● Attributes.● Metadata.
  • 27. Security in filesystems.● Filesystem and swap crypto.● CryptoAPI support.● LSM hooks for the file access.● File capabilities.
  • 28. CryptoAPI.
  • 29. ● Criptografiia en kernel space.● Uso de scatterlists.● Implementación de criptografía de claveprivada y hashing (ciphers y digests)● Ejemplos: MD4, MD5, DES, AES,Blowfish, Twofish, ..● Patent-free (IDEA en el 2011? :-) yestandarizados.● Necesidad por ipv6, packet encryption.● Firma de módulos.
  • 30. #include <linux/crypto.h> struct scatterlist sg[2]; char result[128]; struct crypto_tfm *tfm; tfm = crypto_alloc_tfm("md5", 0); if (tfm == NULL) fail(); /* Rellenar scatterlists */ crypto_digest_init(tfm); crypto_digest_update(tfm, &sg, 2); crypto_digest_final(tfm, result); crypto_free_tfm(tfm);
  • 31. Cryptoloop.● Inicializamos pool con dd.● Cargar cipher.● Losetup -e twofish /dev/loop0 /pool● Keysize and password.● Crear sistema de ficheros para loop.● Montamos sobre loop.● Desmontamos loop y filesystem.
  • 32. Benchmarking.● Contest.● LTT.● Linux Test Project.● Classics benchmarks.
  • 33. Linux Security Modules.
  • 34. LSM.● NSA, SELinux, SGI, Inmunix y Janus.● Capabilities.● sys_security y security_operations.● register_security● selinux_plug_init● netfilter.
  • 35. Referencias.● Nucleo desarrollo: listas.hispalinux.es● Kernelnewbies-es y kernelnewbies.● Kerneljanitors.● LKML.● Posthalloween 2.5.x● Artículos en www.lwn.net sobre DriversPorting.● Traducciones en es.gnu.org/~alejandro.
  • 36. ¿¿¿Preguntas???
  • 37. Security and Integrity in Linux Filesystems. Alejandro Sanchez Acosta asanchez@gnu.org

×