
Security model for common multiplexed transactional logs

  • US 8,321,667 B2
  • Filed: 02/28/2007
  • Issued: 11/27/2012
  • Est. Priority Date: 02/28/2007
  • Status: Active Grant
First Claim

1. A computer-implemented method for facilitating security for one or more log files in a multiplexed physical log that is commonly shared among log clients and implemented using stable storage, the method comprising the steps of:

  • establishing a protected subsystem in which file system operations are exclusively delegated to a machine-wide principal that accesses container files in an underlying secure file system used to back the commonly shared multiplexed physical log so that operations on the container files are segregated from operations on the one or more log files, a cryptographically-secure signature being associated with each of the one or more log files and each of the container files, the cryptographically-secure signature being arranged to protect log file metadata, the log file metadata including a container list;

  • implementing a set of rules applicable to the container files in the secure file system, the rules including:
      • a first rule specifying that the container files are created, opened and owned by the machine-wide principal that is provided with exclusive read/write and control access to the container files;
      • a second rule specifying that a principal in an administrative group owns the container files but has no permission to delete the container files, or access data within the container files;
      • a third rule specifying that a principal that owns a real log file has permission to read and delete container files underlying the real log file;

  • providing, to log clients, a user-mode interface and a kernel-mode interface to the protected subsystem, the interfaces being arranged for enabling the log clients to make I/O requests in one or more virtual log streams to the one or more log files in the commonly shared multiplexed physical log through the principal;

  • reserving an individual marshalling area for each of the virtual log streams, each of the individual marshalling areas having a unique address space in volatile memory and being configured to buffer log records written by a log client to a virtual log stream prior to being flushed to the commonly shared multiplexed physical log and to buffer log records read by a log client from the virtual log stream, the protected subsystem including a common log file system (CLFS) driver intercepting the I/O requests from the log clients to the underlying secure file system, the CLFS driver having associated therewith user-mode application programming interfaces (APIs) and kernel-mode APIs that provide the marshalling areas to the log clients;

  • maintaining security semantics on a per-virtual log stream basis so that each virtual log stream is abstracted to a respective log client to appear as being stored in a dedicated log; and

  • consolidating the I/O requests in the virtual log streams through the interface to the commonly shared multiplexed physical log in the underlying secure file system.
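The claim above is easier to reason about as an executable reference model: a decision function for the three container-file rules (default deny), a signature over the log metadata including the container list, and a subsystem that buffers each virtual stream in its own marshalling area before consolidating it into one shared physical log. The code below is an added example written for this page, not code from the patent or from Windows CLFS. The principal and group names, the use of HMAC-SHA256 as the "cryptographically-secure signature", the `stat` operation granted to administrators, and the in-memory representation of containers and the physical log are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed identities for the claim's "machine-wide principal" and "administrative
# group"; these names are illustrative and are not taken from the patent.
MACHINE_PRINCIPAL = "NT AUTHORITY\\SYSTEM"
ADMIN_GROUP = "BUILTIN\\Administrators"


@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset = frozenset()


@dataclass
class Container:
    path: str
    log: str  # path of the real log file this container backs


@dataclass
class LogFile:
    path: str
    owner: str
    containers: list = field(default_factory=list)  # the container list (protected metadata)
    signature: bytes = b""


def container_access(p: Principal, op: str, c: Container, logs: dict) -> bool:
    """Decide whether principal p may perform op on container c.

    Encodes the three rules of claim 1; anything not explicitly granted is denied.
    logs maps a real log file path to its LogFile record."""
    if p.name == MACHINE_PRINCIPAL:                                  # rule 1: creates, opens,
        return op in {"create", "open", "read", "write", "control"}  # owns; exclusive r/w+control
    log = logs.get(c.log)
    if log is not None and log.owner == p.name:                      # rule 3: owner of the real
        return op in {"read", "delete"}                              # log may read/delete
    if ADMIN_GROUP in p.groups:                                      # rule 2: admins own but may
        return op == "stat"                                          # neither delete nor read data
    return False


def sign_metadata(key: bytes, log: LogFile) -> bytes:
    """HMAC-SHA256 over the log metadata, container list included (assumed scheme)."""
    msg = "\n".join([log.path, log.owner, *sorted(log.containers)]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def metadata_intact(key: bytes, log: LogFile) -> bool:
    return hmac.compare_digest(sign_metadata(key, log), log.signature)


class ProtectedSubsystem:
    """Model of the protected subsystem: it runs as MACHINE_PRINCIPAL and is the
    only path from log clients to the container files."""

    def __init__(self, key: bytes):
        self.key = key
        self.me = Principal(MACHINE_PRINCIPAL)
        self.logs: dict = {}
        self.physical: list = []      # the shared multiplexed physical log
        self.marshalling: dict = {}   # virtual stream id -> its own buffer

    def create_log(self, path: str, owner: str, containers) -> LogFile:
        log = LogFile(path, owner, list(containers))
        for c in containers:          # container creation is delegated to the subsystem
            if not container_access(self.me, "create", Container(c, path), self.logs):
                raise PermissionError(f"cannot create container {c}")
        log.signature = sign_metadata(self.key, log)
        self.logs[path] = log
        return log

    def open_log(self, path: str) -> LogFile:
        """Refuse to use a log whose container list no longer matches its signature."""
        log = self.logs[path]
        if not metadata_intact(self.key, log):
            raise PermissionError(f"metadata signature check failed for {path}")
        return log

    def append(self, stream: str, record: bytes) -> None:
        """Buffer a record in the stream's marshalling area (not yet on stable storage)."""
        self.marshalling.setdefault(stream, []).append(record)

    def flush(self, stream: str) -> int:
        """Consolidate one stream's buffered records into the physical log; returns count."""
        records = self.marshalling.pop(stream, [])
        for r in records:
            self.physical.append((stream, len(self.physical), r))
        return len(records)

    def read_stream(self, stream: str) -> list:
        """A client sees only its own stream, as if it were stored in a dedicated log."""
        return [r for s, _, r in self.physical if s == stream]
```

The ordering inside `container_access` matters: rule 3 is checked before rule 2 so that an administrator who also owns a real log file gets the owner's read/delete rights on that log's containers, while an administrator who owns nothing is confined to metadata-only operations. The signature check in `open_log` is what makes the container list tamper-evident; a container path added or removed outside the subsystem fails `metadata_intact` and the log is refused.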
