SECURED FILE SYSTEM MANAGEMENT
First Claim
1. A method for processing file system requests using a file server, the method comprising:
- receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing directory;
- obtaining a community of interest (COI) credential associated with the user identification;
- identifying the existing directory in the path;
- determining whether at least one COI included in the COI credential matches at least one COI associated with the existing directory; and
- assessing visibility of the existing directory to the caller based on a COI associated with the existing directory;
- wherein:
  - if at least one COI included in the COI credential matches at least one COI associated in the directory, assessing visibility of the existing directory includes assessing user access permission to the existing directory; and
  - if no COI included in the COI credential matches a COI associated in the existing directory, assessing visibility of the existing directory includes returning an indication, to the caller, that the existing directory does not exist.
Abstract
Systems and methods for establishing a secure file system are disclosed, in which system endpoints such as files and directories in a file system are protected using a security appliance. The security appliance protects each endpoint in the file system from unauthorized access by making those endpoints invisible to unauthorized users. The security appliance organizes users and endpoints into various communities of interest (COI). A user COI groups users such that all users associated with that particular COI have authorization to view the same one or more endpoints located in file storage.
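The visibility check recited in the first claim, sketched as an added example (it is not code from the patent). It goes beyond that claim by applying the check to every component of a path and to directory listings. The `Node` type, the `readers` set standing in for ordinary access permissions, the mapping of "does not exist" to `ENOENT` and of a failed permission check to `EACCES`, and all sample users and paths are assumptions constructed for illustration.

```python
import errno
from dataclasses import dataclass, field

@dataclass
class Node:
    cois: frozenset                      # COIs associated with this endpoint
    readers: frozenset                   # stand-in for ordinary access permissions
    children: dict = field(default_factory=dict)   # name -> Node; empty for a file

# Constructed sample data: user id -> COI credential, and a small tree.
CREDENTIALS = {
    "alice": frozenset({"finance"}),
    "bob": frozenset({"finance"}),
    "carol": frozenset({"eng"}),
}
ROOT = Node(frozenset(), frozenset(), {
    "finance": Node(frozenset({"finance"}), frozenset({"alice", "bob"}), {
        "q3.xlsx": Node(frozenset({"finance"}), frozenset({"alice"})),
    }),
    "eng": Node(frozenset({"eng"}), frozenset({"carol"})),
})

def resolve(path, user, root=ROOT, credentials=CREDENTIALS):
    """Walk the path; return (0, node) on success or (errno code, None)."""
    user_cois = credentials.get(user, frozenset())
    node = root
    for name in filter(None, path.split("/")):
        child = node.children.get(name)
        # No shared COI: answer exactly as if the endpoint were absent, so
        # the caller cannot tell "hidden" from "never existed".
        if child is None or not (user_cois & child.cois):
            return errno.ENOENT, None
        # Shared COI: only now is the ordinary permission check consulted.
        if user not in child.readers:
            return errno.EACCES, None
        node = child
    return 0, node

def list_visible(path, user, root=ROOT, credentials=CREDENTIALS):
    """Directory listing filtered by COI, so hidden names do not leak."""
    code, node = resolve(path, user, root, credentials)
    if code:
        return code, []
    user_cois = credentials.get(user, frozenset())
    return 0, sorted(n for n, c in node.children.items() if user_cois & c.cois)
```

The COI test runs before the permission test, so a caller outside the community never receives a permission error that would confirm the endpoint exists.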
23 Claims
11. A method for processing file system requests using a file server, the method comprising:
- receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path including one or more existing directories and an existing file; and
- obtaining a community of interest (COI) credential associated with the user identification;
- for each directory in the path:
  - identifying the directory in the path;
  - determining whether at least one COI included in the COI credential matches a COI associated with the directory; and
  - assessing visibility of the directory to the caller based on a COI associated with the directory;
- identifying the file in the path;
- determining whether at least one COI included in the COI credential matches a COI associated with the file; and
- assessing visibility of the file to the caller based on the COI associated with the file, wherein:
  - if at least one COI included in the COI credential matches a COI associated in the file, assessing visibility of the file includes assessing user access permission to the file; and
  - if no COI included in the COI credential matches a COI associated in the file, assessing visibility of the file includes returning an indication, to the caller, that the file does not exist.
14. A system for processing file system requests, comprising:
- a file server having a file storage and a file system manager, the file storage for storing one or more directories and files;
- wherein the file system manager performs the steps of:
  - receiving a file system request and a user identification associated with the file system request from a caller, wherein the file system request includes a path identifying an existing directory;
  - obtaining, from a stealth appliance that is separate from the file server, a community of interest (COI) credential associated with a user identification;
  - identifying the directory in the path;
  - determining whether at least one COI included in the COI credential matches a COI associated with the directory;
  - assessing visibility of the directory to the caller based on the COI associated with the directory;
- wherein:
  - if at least one COI included in the COI credential matches a COI associated in the directory, assessing user access permission to the directory; and
  - if no COI included in the COI credential matches a COI associated in the directory, returning an indication, to the caller, that the directory does not exist.
18. A method for accessing files in a file server by a caller, the method comprising:
- issuing, to a file system manager of a file server, a file system request and an identification of the caller, wherein the file system request includes a path identifying an existing directory that includes an existing file; and
- receiving a response from the file system manager indicative of visibility of the existing file to the caller based on an assessment of whether the caller is a member of a community of interest associated with at least one of the existing file and the existing directory.
Specification