SlideShare a Scribd company logo

Integrity and Security in Filesystems

Download as PPT, PDF
Conferencias FIST
Conferencias FIST
Technology
1 of 37
Security and Integrity in Linux Filesystems. Alejandro Sanchez Acosta asanchez@gnu.org
Linux Introduction.
Introduction. ● What's free software? ● What is the Linux kernel? ● A little story about the Linux kernel. ● Architecture portability. ● Linux maintainment. ● General ideas.
Filesystem Sources.
Filesystem sources. ● Fs/ ● Superblock, aio, acls, file, file_table, inode, attr, quota.. ● Binfmt* ● Adfs, affs, afs, autofs, befs, bfs, coda, cramfs, ramfs, devfs, devpts, hfs, hpfs, qnx4, umsdos, vfat, xfs, jfs, isofs, hugetlbfs, minix, romfs, ....
Filesystem Introduction.
Filesystem Introduction. ● What's a Filesystem? ● Management with VFS layer. ● Proc fs. ● Sysfs. ● Relayfs. ● Udev y hotplugging.
What's a Filesystem? ● A place to storage data on disk. ● Superblock. ● Inodes. ● Directory entries. ● Files.
Filesystem Form with VFS ● Superblock and sb_ops. ● Inode and inode_ops. ● File and file_operations. ● Register_filesystem ● Mounting a filesystem ● Accesing data filesystem via defined syscalls.
More Known Filesystems. ● ext2/ext3 ● Jfs ● Reiser3 y reiser4. ● XFS ● NTFS ● UDF ● Distributed filesystems: NFS, Coda, SMB, AFS.
The future of filesystems. ● More oriented-object or more oo. ● Modularity via plugins. ● Fasters searching data. ● Encryption and compression support. ● More robusted used algorithms. ● Better storage.
Reiserfs4 Overview.
Basic semantics. ● Files. ● Names and objects. ● Namespaces and interfaces. ● Directories. ● Security attributes.
Trees concepts. ● Set of nodes. ● Fanout. ● Finited and infinited trees. ● Keys to identify objects. ● Node structure. ● Items structure.
Trees design. ● Height or space balanced. ● B and b+ trees. ● Htrees. ● Positional trees. ● Dancing trees. ● Cache design.
Nodes. ● Identified by a key. ● Formatted and unformatted. ● Leaf and twig nodes. ● Items: nodes collection to storage data. ● Units: data that we put in the whole item.
Storing Data. ● Graphs and dancing trees. ● Separate layers: semantic and storage. ● BLOB's and extents.
Atomic filesystem ● Brief history about fs crashing. ● Filesystem checkers. ● Reducing the damage with atomic op. ● Journaled location. ● Commiting allocation.
Repacker. ● 80% remain unchanged on disk. ● Ordering the tree. ● Sort the tree and pack perfectly. ● Eliminates posible fragmentation.
Journaling. ● Location on disk: journal/log. ● Commited area. ● Problem: twice write data. ● Metadata journaling. ● Solution: Wandering logging. ● Commiting and transactional layer. ● Copy-on-capture and steal-on-capture.
Distributed Filesystem.
WAFL. ● Distributed Filesystem ● Used in network appliances. ● Snapshots. ● Copy-on-write. ● Large files, NFS, high performance and a quickly restart.
Plugins design. ● File, directory and hash. ● Security. ● Item ● Key assignment. ● Node and item search. ● Still not dinamically loaded.
Reiser future. ● Cryptography and compression. ● Quotas support. ● Dynamic plugins. ● Distributed filesystem. ● Encryption on commit.
Seguridad en sistemas de ficheros.
Basic Polices. ● Credentials. ● Capabilities. ● ACL's ● Attributes. ● Metadata.
Security in filesystems. ● Filesystem and swap crypto. ● CryptoAPI support. ● LSM hooks for the file access. ● File capabilities.
CryptoAPI.
● Criptografiia en kernel space. ● Uso de scatterlists. ● Implementación de criptografía de clave privada y hashing (ciphers y digests) ● Ejemplos: MD4, MD5, DES, AES, Blowfish, Twofish, .. ● Patent-free (IDEA en el 2011? :-) y estandarizados. ● Necesidad por ipv6, packet encryption. ● Firma de módulos.
#include <linux/crypto.h> struct scatterlist sg[2]; char result[128]; struct crypto_tfm *tfm; tfm = crypto_alloc_tfm("md5", 0); if (tfm == NULL) fail(); /* Rellenar scatterlists */ crypto_digest_init(tfm); crypto_digest_update(tfm, &sg, 2); crypto_digest_final(tfm, result); crypto_free_tfm(tfm);
Cryptoloop. ● Inicializamos pool con dd. ● Cargar cipher. ● Losetup -e twofish /dev/loop0 /pool ● Keysize and password. ● Crear sistema de ficheros para loop. ● Montamos sobre loop. ● Desmontamos loop y filesystem.
Benchmarking. ● Contest. ● LTT. ● Linux Test Project. ● Classics benchmarks.
Linux Security Modules.
LSM. ● NSA, SELinux, SGI, Inmunix y Janus. ● Capabilities. ● sys_security y security_operations. ● register_security ● selinux_plug_init ● netfilter.
Referencias. ● Nucleo desarrollo: listas.hispalinux.es ● Kernelnewbies-es y kernelnewbies. ● Kerneljanitors. ● LKML. ● Posthalloween 2.5.x ● Artículos en www.lwn.net sobre Drivers Porting. ● Traducciones en es.gnu.org/~alejandro.
¿¿¿Preguntas???
Security and Integrity in Linux Filesystems. Alejandro Sanchez Acosta asanchez@gnu.org

Recommended

Redis talk
Redis talkRedis talk
Redis talkEdson Lima Junior
 
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...Paulo Henrique
 
Denser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovDenser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovOpenVZ
 
PFcache - LinuxCon 2015
PFcache - LinuxCon 2015PFcache - LinuxCon 2015
PFcache - LinuxCon 2015OpenVZ
 
Containers from scratch
Containers from scratchContainers from scratch
Containers from scratchRakuten Group, Inc.
 
Mongo db cluster administration and Shredded Databases
Mongo db cluster administration and Shredded DatabasesMongo db cluster administration and Shredded Databases
Mongo db cluster administration and Shredded DatabasesAbhinav Jha
 
Ceph Internals
Ceph InternalsCeph Internals
Ceph InternalsVictor Santos
 
OSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo Seidel
OSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo SeidelOSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo Seidel
OSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo SeidelNETWAYS
 

Recommended

Redis talk
Redis talkRedis talk
Redis talkEdson Lima Junior
 
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...
FLISOL 2015 - Criptografia é importante! Aprenda meios simples de proteger ar...Paulo Henrique
 
Denser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovDenser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovOpenVZ
 
PFcache - LinuxCon 2015
PFcache - LinuxCon 2015PFcache - LinuxCon 2015
PFcache - LinuxCon 2015OpenVZ
 
Containers from scratch
Containers from scratchContainers from scratch
Containers from scratchRakuten Group, Inc.
 
Mongo db cluster administration and Shredded Databases
Mongo db cluster administration and Shredded DatabasesMongo db cluster administration and Shredded Databases
Mongo db cluster administration and Shredded DatabasesAbhinav Jha
 
Ceph Internals
Ceph InternalsCeph Internals
Ceph InternalsVictor Santos
 
OSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo Seidel
OSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo SeidelOSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo Seidel
OSDC 2012 | Extremes Wolken Dateisystem!? by Dr. Udo SeidelNETWAYS
 
Pandoc: the deep dive (PDXFunc presentation)
Pandoc: the deep dive (PDXFunc presentation)Pandoc: the deep dive (PDXFunc presentation)
Pandoc: the deep dive (PDXFunc presentation)Luc Perkins
 
Tarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceTarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceKostja Osipov
 
You think you're not a target? A tale of three developers...
You think you're not a target? A tale of three developers...You think you're not a target? A tale of three developers...
You think you're not a target? A tale of three developers...Speck&Tech
 
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案Hua Chu
 
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)Ontico
 
Moscow virtualization meetup 2014: CRIU 1.0 What is next?
Moscow virtualization meetup 2014: CRIU 1.0 What is next?Moscow virtualization meetup 2014: CRIU 1.0 What is next?
Moscow virtualization meetup 2014: CRIU 1.0 What is next?Andrey Vagin
 
Linux for Beginners
Linux for BeginnersLinux for Beginners
Linux for BeginnersGobinath Loganathan
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosNETWAYS
 
Compress and the other side
Compress and the other sideCompress and the other side
Compress and the other sideYoungChoonTae
 
Introduction to Internet of Things
Introduction to Internet of ThingsIntroduction to Internet of Things
Introduction to Internet of ThingsNagasai Arun Panchakarla
 
Chw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsChw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsPositive Hack Days
 
Linux Survival Guide For Data Scientists
Linux Survival Guide For Data ScientistsLinux Survival Guide For Data Scientists
Linux Survival Guide For Data ScientistsXcodepro
 
Introduction to Free and Open Source Software - August 2005
Introduction to Free and Open Source Software - August 2005Introduction to Free and Open Source Software - August 2005
Introduction to Free and Open Source Software - August 2005Saleem Ansari
 
DNSCurve
DNSCurveDNSCurve
DNSCurveSabbir Ahmmed
 
Database File System
Database File SystemDatabase File System
Database File SystemAnas R.
 
Beyond Awareness
Beyond AwarenessBeyond Awareness
Beyond AwarenessConferencias FIST
 
Ataques Mediante Memorias USB
Ataques Mediante Memorias USBAtaques Mediante Memorias USB
Ataques Mediante Memorias USBConferencias FIST
 
Security Metrics
Security MetricsSecurity Metrics
Security MetricsConferencias FIST
 
Exploiting Web Applications PHP
Exploiting Web Applications PHPExploiting Web Applications PHP
Exploiting Web Applications PHPConferencias FIST
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access ProtectionConferencias FIST
 
Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Conferencias FIST
 
Analisis Forense Memoria RAM
Analisis Forense Memoria RAMAnalisis Forense Memoria RAM
Analisis Forense Memoria RAMConferencias FIST
 

More Related Content

What's hot

Pandoc: the deep dive (PDXFunc presentation)
Pandoc: the deep dive (PDXFunc presentation)Pandoc: the deep dive (PDXFunc presentation)
Pandoc: the deep dive (PDXFunc presentation)Luc Perkins
 
Tarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceTarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceKostja Osipov
 
You think you're not a target? A tale of three developers...
You think you're not a target? A tale of three developers...You think you're not a target? A tale of three developers...
You think you're not a target? A tale of three developers...Speck&Tech
 
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案Hua Chu
 
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)Ontico
 
Moscow virtualization meetup 2014: CRIU 1.0 What is next?
Moscow virtualization meetup 2014: CRIU 1.0 What is next?Moscow virtualization meetup 2014: CRIU 1.0 What is next?
Moscow virtualization meetup 2014: CRIU 1.0 What is next?Andrey Vagin
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosNETWAYS
 
Compress and the other side
Compress and the other sideCompress and the other side
Compress and the other sideYoungChoonTae
 
Chw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsChw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsPositive Hack Days
 
Linux Survival Guide For Data Scientists
Linux Survival Guide For Data ScientistsLinux Survival Guide For Data Scientists
Linux Survival Guide For Data ScientistsXcodepro
 
Introduction to Free and Open Source Software - August 2005
Introduction to Free and Open Source Software - August 2005Introduction to Free and Open Source Software - August 2005
Introduction to Free and Open Source Software - August 2005Saleem Ansari
 
Database File System
Database File SystemDatabase File System
Database File SystemAnas R.
 

What's hot (15)

Pandoc: the deep dive (PDXFunc presentation)
Pandoc: the deep dive (PDXFunc presentation)Pandoc: the deep dive (PDXFunc presentation)
Pandoc: the deep dive (PDXFunc presentation)
 
Tarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conferenceTarantool 1.6 talk at SECR 2014 conference
Tarantool 1.6 talk at SECR 2014 conference
 
You think you're not a target? A tale of three developers...
You think you're not a target? A tale of three developers...You think you're not a target? A tale of three developers...
You think you're not a target? A tale of three developers...
 
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
TWJUG 2016 - Mogilefs, 簡約可靠的儲存方案
 
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
Ceph BlueStore - новый тип хранилища в Ceph / Максим Воронцов, (Redsys)
 
Moscow virtualization meetup 2014: CRIU 1.0 What is next?
Moscow virtualization meetup 2014: CRIU 1.0 What is next?Moscow virtualization meetup 2014: CRIU 1.0 What is next?
Moscow virtualization meetup 2014: CRIU 1.0 What is next?
 
Linux for Beginners
Linux for BeginnersLinux for Beginners
Linux for Beginners
 
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vosOSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
OSBConf 2015 | Scale out backups with bareos and gluster by niels de vos
 
Compress and the other side
Compress and the other sideCompress and the other side
Compress and the other side
 
Introduction to Internet of Things
Introduction to Internet of ThingsIntroduction to Internet of Things
Introduction to Internet of Things
 
Chw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutionsChw00t: Breaking unices’ chroot solutions
Chw00t: Breaking unices’ chroot solutions
 
Linux Survival Guide For Data Scientists
Linux Survival Guide For Data ScientistsLinux Survival Guide For Data Scientists
Linux Survival Guide For Data Scientists
 
Introduction to Free and Open Source Software - August 2005
Introduction to Free and Open Source Software - August 2005Introduction to Free and Open Source Software - August 2005
Introduction to Free and Open Source Software - August 2005
 
DNSCurve
DNSCurveDNSCurve
DNSCurve
 
Database File System
Database File SystemDatabase File System
Database File System
 

Viewers also liked

Ataques Mediante Memorias USB
Ataques Mediante Memorias USBAtaques Mediante Memorias USB
Ataques Mediante Memorias USBConferencias FIST
 
Exploiting Web Applications PHP
Exploiting Web Applications PHPExploiting Web Applications PHP
Exploiting Web Applications PHPConferencias FIST
 
Analisis Forense Memoria RAM
Analisis Forense Memoria RAMAnalisis Forense Memoria RAM
Analisis Forense Memoria RAMConferencias FIST
 
Assessment presentation
Assessment presentationAssessment presentation
Assessment presentationSpeech2023
 
Antivirus Gateways Architecture Design
Antivirus Gateways Architecture DesignAntivirus Gateways Architecture Design
Antivirus Gateways Architecture DesignConferencias FIST
 
Business Outsourcing to Asia
Business Outsourcing to AsiaBusiness Outsourcing to Asia
Business Outsourcing to AsiaConferencias FIST
 
Using IPS for Web Protection
Using IPS for Web ProtectionUsing IPS for Web Protection
Using IPS for Web ProtectionConferencias FIST
 
Seguridad Windows Server 2008
Seguridad Windows Server 2008Seguridad Windows Server 2008
Seguridad Windows Server 2008Conferencias FIST
 
IDS with Artificial Intelligence
IDS with Artificial IntelligenceIDS with Artificial Intelligence
IDS with Artificial IntelligenceConferencias FIST
 

Viewers also liked (16)

Beyond Awareness
Beyond AwarenessBeyond Awareness
Beyond Awareness
 
Ataques Mediante Memorias USB
Ataques Mediante Memorias USBAtaques Mediante Memorias USB
Ataques Mediante Memorias USB
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
Exploiting Web Applications PHP
Exploiting Web Applications PHPExploiting Web Applications PHP
Exploiting Web Applications PHP
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3Analisis de Riesgos O-ISM3
Analisis de Riesgos O-ISM3
 
Analisis Forense Memoria RAM
Analisis Forense Memoria RAMAnalisis Forense Memoria RAM
Analisis Forense Memoria RAM
 
Durabilidad
DurabilidadDurabilidad
Durabilidad
 
Assessment presentation
Assessment presentationAssessment presentation
Assessment presentation
 
Antivirus Gateways Architecture Design
Antivirus Gateways Architecture DesignAntivirus Gateways Architecture Design
Antivirus Gateways Architecture Design
 
Business Outsourcing to Asia
Business Outsourcing to AsiaBusiness Outsourcing to Asia
Business Outsourcing to Asia
 
Using IPS for Web Protection
Using IPS for Web ProtectionUsing IPS for Web Protection
Using IPS for Web Protection
 
Oissg
OissgOissg
Oissg
 
Seguridad Windows Server 2008
Seguridad Windows Server 2008Seguridad Windows Server 2008
Seguridad Windows Server 2008
 
Exploiting Layer 2
Exploiting Layer 2Exploiting Layer 2
Exploiting Layer 2
 
IDS with Artificial Intelligence
IDS with Artificial IntelligenceIDS with Artificial Intelligence
IDS with Artificial Intelligence
 

Similar to Integrity and Security in Filesystems

LAS16-400: Mini Conference 3 AOSP (Session 1)
LAS16-400: Mini Conference 3 AOSP (Session 1)LAS16-400: Mini Conference 3 AOSP (Session 1)
LAS16-400: Mini Conference 3 AOSP (Session 1)Linaro
 
Linux fundamental - Chap 10 fs
Linux fundamental - Chap 10 fsLinux fundamental - Chap 10 fs
Linux fundamental - Chap 10 fsKenny (netman)
 
Gpfs introandsetup
Gpfs introandsetupGpfs introandsetup
Gpfs introandsetupasihan
 
Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1sprdd
 
Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1sprdd
 
Lec 10-linux-review
Lec 10-linux-reviewLec 10-linux-review
Lec 10-linux-reviewabinaya m
 
TLPI Chapter 14 File Systems
TLPI Chapter 14 File SystemsTLPI Chapter 14 File Systems
TLPI Chapter 14 File SystemsShu-Yu Fu
 
Webinar: Understanding Storage for Performance and Data Safety
Webinar: Understanding Storage for Performance and Data SafetyWebinar: Understanding Storage for Performance and Data Safety
Webinar: Understanding Storage for Performance and Data SafetyMongoDB
 
Introduction to file system and OCFS2
Introduction to file system and OCFS2Introduction to file system and OCFS2
Introduction to file system and OCFS2Gang He
 
Case study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File systemCase study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File systemKumar Amit Mehta
 
Disk forensics for the lazy and the smart
Disk forensics for the lazy and the smartDisk forensics for the lazy and the smart
Disk forensics for the lazy and the smartJeff Beley
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsQUONTRASOLUTIONS
 
Linux kernel architecture
Linux kernel architectureLinux kernel architecture
Linux kernel architectureSHAJANA BASHEER
 

Similar to Integrity and Security in Filesystems (20)

When ACLs Attack
When ACLs AttackWhen ACLs Attack
When ACLs Attack
 
FreeBSD Portscamp, Kuala Lumpur 2016
FreeBSD Portscamp, Kuala Lumpur 2016FreeBSD Portscamp, Kuala Lumpur 2016
FreeBSD Portscamp, Kuala Lumpur 2016
 
FUSE Filesystems
FUSE FilesystemsFUSE Filesystems
FUSE Filesystems
 
LAS16-400: Mini Conference 3 AOSP (Session 1)
LAS16-400: Mini Conference 3 AOSP (Session 1)LAS16-400: Mini Conference 3 AOSP (Session 1)
LAS16-400: Mini Conference 3 AOSP (Session 1)
 
4. linux file systems
4. linux file systems4. linux file systems
4. linux file systems
 
Strata - 03/31/2012
Strata - 03/31/2012Strata - 03/31/2012
Strata - 03/31/2012
 
Linux fundamental - Chap 10 fs
Linux fundamental - Chap 10 fsLinux fundamental - Chap 10 fs
Linux fundamental - Chap 10 fs
 
Gpfs introandsetup
Gpfs introandsetupGpfs introandsetup
Gpfs introandsetup
 
Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1
 
Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1Wheeler w 0450_linux_file_systems1
Wheeler w 0450_linux_file_systems1
 
DEVIEW 2013
DEVIEW 2013DEVIEW 2013
DEVIEW 2013
 
Lec 10-linux-review
Lec 10-linux-reviewLec 10-linux-review
Lec 10-linux-review
 
TLPI Chapter 14 File Systems
TLPI Chapter 14 File SystemsTLPI Chapter 14 File Systems
TLPI Chapter 14 File Systems
 
Webinar: Understanding Storage for Performance and Data Safety
Webinar: Understanding Storage for Performance and Data SafetyWebinar: Understanding Storage for Performance and Data Safety
Webinar: Understanding Storage for Performance and Data Safety
 
Introduction to file system and OCFS2
Introduction to file system and OCFS2Introduction to file system and OCFS2
Introduction to file system and OCFS2
 
Case study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File systemCase study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File system
 
Disk forensics for the lazy and the smart
Disk forensics for the lazy and the smartDisk forensics for the lazy and the smart
Disk forensics for the lazy and the smart
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra Solutions
 
Hdfs architecture
Hdfs architectureHdfs architecture
Hdfs architecture
 
Linux kernel architecture
Linux kernel architectureLinux kernel architecture
Linux kernel architecture
 

More from Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

More from Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 
Cisco Equipment Security
Cisco Equipment SecurityCisco Equipment Security
Cisco Equipment Security
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Integrity and Security in Filesystems

  • 1. Security and Integrity in Linux Filesystems. Alejandro Sanchez Acosta asanchez@gnu.org
  • 3. Introduction. ● What's free software? ● What is the Linux kernel? ● A little story about the Linux kernel. ● Architecture portability. ● Linux maintainment. ● General ideas.
  • 5. Filesystem sources. ● Fs/ ● Superblock, aio, acls, file, file_table, inode, attr, quota.. ● Binfmt* ● Adfs, affs, afs, autofs, befs, bfs, coda, cramfs, ramfs, devfs, devpts, hfs, hpfs, qnx4, umsdos, vfat, xfs, jfs, isofs, hugetlbfs, minix, romfs, ....
  • 7. Filesystem Introduction. ● What's a Filesystem? ● Management with VFS layer. ● Proc fs. ● Sysfs. ● Relayfs. ● Udev y hotplugging.
  • 8. What's a Filesystem? ● A place to storage data on disk. ● Superblock. ● Inodes. ● Directory entries. ● Files.
  • 9. Filesystem Form with VFS ● Superblock and sb_ops. ● Inode and inode_ops. ● File and file_operations. ● Register_filesystem ● Mounting a filesystem ● Accesing data filesystem via defined syscalls.
  • 10. More Known Filesystems. ● ext2/ext3 ● Jfs ● Reiser3 y reiser4. ● XFS ● NTFS ● UDF ● Distributed filesystems: NFS, Coda, SMB, AFS.
  • 11. The future of filesystems. ● More oriented-object or more oo. ● Modularity via plugins. ● Fasters searching data. ● Encryption and compression support. ● More robusted used algorithms. ● Better storage.
  • 13. Basic semantics. ● Files. ● Names and objects. ● Namespaces and interfaces. ● Directories. ● Security attributes.
  • 14. Trees concepts. ● Set of nodes. ● Fanout. ● Finited and infinited trees. ● Keys to identify objects. ● Node structure. ● Items structure.
  • 15. Trees design. ● Height or space balanced. ● B and b+ trees. ● Htrees. ● Positional trees. ● Dancing trees. ● Cache design.
  • 16. Nodes. ● Identified by a key. ● Formatted and unformatted. ● Leaf and twig nodes. ● Items: nodes collection to storage data. ● Units: data that we put in the whole item.
  • 17. Storing Data. ● Graphs and dancing trees. ● Separate layers: semantic and storage. ● BLOB's and extents.
  • 18. Atomic filesystem ● Brief history about fs crashing. ● Filesystem checkers. ● Reducing the damage with atomic op. ● Journaled location. ● Commiting allocation.
  • 19. Repacker. ● 80% remain unchanged on disk. ● Ordering the tree. ● Sort the tree and pack perfectly. ● Eliminates posible fragmentation.
  • 20. Journaling. ● Location on disk: journal/log. ● Commited area. ● Problem: twice write data. ● Metadata journaling. ● Solution: Wandering logging. ● Commiting and transactional layer. ● Copy-on-capture and steal-on-capture.
  • 22. WAFL. ● Distributed Filesystem ● Used in network appliances. ● Snapshots. ● Copy-on-write. ● Large files, NFS, high performance and a quickly restart.
  • 23. Plugins design. ● File, directory and hash. ● Security. ● Item ● Key assignment. ● Node and item search. ● Still not dinamically loaded.
  • 24. Reiser future. ● Cryptography and compression. ● Quotas support. ● Dynamic plugins. ● Distributed filesystem. ● Encryption on commit.
  • 25. Seguridad en sistemas de ficheros.
  • 26. Basic Polices. ● Credentials. ● Capabilities. ● ACL's ● Attributes. ● Metadata.
  • 27. Security in filesystems. ● Filesystem and swap crypto. ● CryptoAPI support. ● LSM hooks for the file access. ● File capabilities.
  • 29. ● Criptografiia en kernel space. ● Uso de scatterlists. ● Implementación de criptografía de clave privada y hashing (ciphers y digests) ● Ejemplos: MD4, MD5, DES, AES, Blowfish, Twofish, .. ● Patent-free (IDEA en el 2011? :-) y estandarizados. ● Necesidad por ipv6, packet encryption. ● Firma de módulos.
  • 30. #include <linux/crypto.h> struct scatterlist sg[2]; char result[128]; struct crypto_tfm *tfm; tfm = crypto_alloc_tfm("md5", 0); if (tfm == NULL) fail(); /* Rellenar scatterlists */ crypto_digest_init(tfm); crypto_digest_update(tfm, &sg, 2); crypto_digest_final(tfm, result); crypto_free_tfm(tfm);
  • 31. Cryptoloop. ● Inicializamos pool con dd. ● Cargar cipher. ● Losetup -e twofish /dev/loop0 /pool ● Keysize and password. ● Crear sistema de ficheros para loop. ● Montamos sobre loop. ● Desmontamos loop y filesystem.
  • 32. Benchmarking. ● Contest. ● LTT. ● Linux Test Project. ● Classics benchmarks.
  • 34. LSM. ● NSA, SELinux, SGI, Inmunix y Janus. ● Capabilities. ● sys_security y security_operations. ● register_security ● selinux_plug_init ● netfilter.
  • 35. Referencias. ● Nucleo desarrollo: listas.hispalinux.es ● Kernelnewbies-es y kernelnewbies. ● Kerneljanitors. ● LKML. ● Posthalloween 2.5.x ● Artículos en www.lwn.net sobre Drivers Porting. ● Traducciones en es.gnu.org/~alejandro.
  • 37. Security and Integrity in Linux Filesystems. Alejandro Sanchez Acosta asanchez@gnu.org