Clustered file systems for mix of trusted and untrusted nodes

US 8,578,478 B2
Filed: 04/03/2012
Issued: 11/05/2013
Est. Priority Date: 06/05/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of operating a cluster of computer system nodes sharing direct read/write access to filesystems, comprising:

assigning a mandatory access control label as an extended attribute of a filesystem object administered by at least one trusted metadata server node, the mandatory access control label including a first indication of sensitivity and a first indication of integrity, wherein the extended attribute includes a free form data area associated with the filesystem object;

assigning a mandatory access control label having a second indication of sensitivity and a second indication of integrity to each node in the cluster; and

permitting access to the filesystem object by any node in the cluster when the second indication of sensitivity and the second indication of integrity assigned thereto meets criteria defined by the first indication of sensitivity and the first indication of integrity in the mandatory access control label of the filesystem object.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cluster of computer system nodes share direct read/write access to storage devices via a storage area network using a cluster filesystem. At least one trusted metadata server assigns a mandatory access control label as an extended attribute of each filesystem object regardless of whether required by a client node accessing the filesystem object. The mandatory access control label indicates the sensitivity and integrity of the filesystem object and is used by the trusted metadata server(s) to control access to the filesystem object by all client nodes.

159 Citations

20 Claims

1. A method of operating a cluster of computer system nodes sharing direct read/write access to filesystems, comprising:
- assigning a mandatory access control label as an extended attribute of a filesystem object administered by at least one trusted metadata server node, the mandatory access control label including a first indication of sensitivity and a first indication of integrity, wherein the extended attribute includes a free form data area associated with the filesystem object;
  
  assigning a mandatory access control label having a second indication of sensitivity and a second indication of integrity to each node in the cluster; and
  
  permitting access to the filesystem object by any node in the cluster when the second indication of sensitivity and the second indication of integrity assigned thereto meets criteria defined by the first indication of sensitivity and the first indication of integrity in the mandatory access control label of the filesystem object.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as recited in claim 1, wherein assigning of the mandatory access control label having the second indication of sensitivity and the second indication of integrity to each node uses a filesystem mandatory access control label if previously assigned to the filesystem object when the node requesting access to the filesystem object has no networking mandatory access control label for accessing the filesystem object.
  - 3. A method as recited in claim 1, wherein assigning of the mandatory access control label having the second indication of sensitivity and the second indication of integrity uses a networking mandatory access control label if previously assigned to the node and no filesystem mandatory access control label is assigned to the filesystem object.
  - 4. A method as recited in claim 3, wherein the mandatory access control label including the second indication of sensitivity and the second indication of integrity is assigned with a high indication of sensitivity and a low indication of integrity in response to no networking mandatory access control label being assigned to the node.
  - 5. A method as recited in claim 1, wherein:
    - an indication of sensitivity identifies what user or process can look at the filesystem object; and
      
      an indication of integrity identifies that the filesystem object came from a reliable source.

6. A non-transitory computer readable storage medium including code for operating a cluster of computer system nodes sharing direct read/write access to filesystem objects, the code operable to:
- assign a mandatory access control label as an extended attribute of a filesystem object administered by at least one trusted metadata server node, the mandatory access control label including a first indication of sensitivity and a first indication of integrity, wherein the extended attribute includes a free form data area associated with the filesystem object;
  
  assigning a mandatory access control label including a second indication of sensitivity and a second indication of integrity to each node of the cluster; and
  
  permitting access to the filesystem object by any node when the second indication of sensitivity and the second indication of integrity assigned thereto meets criteria defined by the first indication of sensitivity and the first indication of integrity in the mandatory access control label of the filesystem object.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory computer readable storage medium of claim 6, wherein assigning of the mandatory access control label including the second indication of sensitivity and the second indication of integrity uses a filesystem mandatory access control label if previously assigned to the filesystem object when the node requesting access to the filesystem object has no networking mandatory access control label for accessing the filesystem object.
  - 8. The non-transitory computer readable storage medium of claim 6, wherein assigning of the mandatory access control label including the second indication of sensitivity and the second indication of integrity uses a networking mandatory access control label if previously assigned to the node and no filesystem mandatory access control label is assigned to the filesystem object.
  - 9. The non-transitory computer readable storage medium of claim 8, wherein the mandatory access control label including the second indication of sensitivity and the second indication of integrity is assigned with a high indication of sensitivity and a low indication of integrity in response to no networking mandatory access control label being assigned to the node.
  - 10. The non-transitory computer readable storage medium of claim 6, wherein:
    - an indication of sensitivity identifies what user or process can look at the filesystem object; and
      
      an indication of integrity identifies that the filesystem object came from a reliable source.

11. A cluster of computer systems, comprising:
- storage devices storing at least one filesystem object;
  
  a storage area network coupled to the storage devices;
  
  metadata client nodes coupled to the storage area network; and
  
  a trusted metadata server node coupled to the storage area network, wherein the trusted metada server node assigns a mandatory access control label as an extended attribute of the at least one filesystem object, wherein the extended attribute includes a free form data area associated with the at least one filesystem object, wherein the mandatory access control label includes a first indication of sensitivity and a first indication of integrity, wherein the trusted metadata server node assigns a mandatory access control label including a second indication of sensitivity and a second indication of integrity to each node, and wherein the trusted metadata server node permits access to the filesystem object by any node when the second indication of sensitivity and the second indication of integrity assigned thereto meets criteria defined by the first indication of sensitivity and the first indication of integrity in the mandatory access control label of the filesystem object.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A cluster of computer systems of claim 11, wherein the trusted metadata server node assigns the mandatory access control label including the second indication of sensitivity and the second indication of integrity using a filesystem mandatory access control label if previously assigned to the filesystem object when the node requesting access to the filesystem object has no networking mandatory access control label for accessing the filesystem object.
  - 13. A cluster of computer systems of claim 11, wherein the trusted metadata server node assigns the mandatory access control label including the second indication of sensitivity and the second indication of integrity using a networking mandatory access control label if previously assigned to the node and no filesystem mandatory access control label is assigned to the filesystem object.
  - 14. The cluster of computer system of claim 13, wherein the mandatory access control label including the second indication of sensitivity and the second indication of integrity is assigned with a high indication of sensitivity and a low indication of integrity in response to no networking mandatory access control label being assigned to the node.
  - 15. A cluster of computer systems of claim 11, wherein:
    - an indication of sensitivity identifies what user or process can look at the filesystem object; and
      
      an indication of integrity identifies whether the filesystem object came from a reliable source.

16. A system of operating a cluster of computer system nodes sharing direct read/write access to filesystems, comprising:
- a trusted metadata server node, wherein access to mass storage is shared by a mixture of trusted and untrusted nodes, wherein shared data is stored with labeling used by the trusted nodes in the cluster of computer system nodes, and wherein the trusted metadata server node;
  
  assigns a mandatory access control label as an extended attribute of a filesystem object, the mandatory access control label including a first indication of sensitivity and a first indication of integrity, wherein the extended attribute includes a free form data area associated with the filesystem object;
  
  assigns a mandatory access control label having a second indication of sensitivity and a second indication of integrity to each node in the cluster; and
  
  permits access to the filesystem object by any node when the second indication of sensitivity and the second indication of integrity assigned thereto meets criteria defined by the first indication of sensitivity and the first indication of integrity in the mandatory access control label of the filesystem object.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the trusted metadata server node assigns the mandatory access control label having the second indication of sensitivity and the second indication of integrity to each node uses a filesystem mandatory access control label if previously assigned to the filesystem object when the node requesting access to the filesystem object has no networking mandatory access control label for accessing the filesystem object.
  - 18. The system of claim 16, wherein the trusted metadata server node assigns the mandatory access control label having the second indication of sensitivity and the second indication of integrity uses a networking mandatory access control label if previously assigned to the node and no filesystem mandatory access control label is assigned to the filesystem object.
  - 19. The system of claim 18, wherein the mandatory access control label including the second indication of sensitivity and the second indication of integrity is assigned with a high indication of sensitivity and a low indication of integrity in response to no networking mandatory access control label being assigned to the node.
  - 20. The system of claim 16, wherein:
    - an indication of sensitivity identifies what user or process can look at the filesystem object; and
      
      an indication of integrity identifies that the filesystem object came from a reliable source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Silicon Graphics International Corporation (Hewlett-Packard Enterprise Company)
Inventors
Beck, Kenneth S.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US13/438,304
Publication Number

US 20120192270A1
Time in Patent Office

581 Days
Field of Search

None
US Class Current

726/21
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0745   in an input/output transact...

G06F 11/0772   Means for error signaling, ...

G06F 11/3006   where the computing system ...

G06F 21/6218   to a system of files or obj...

G06F 9/4843   by program, e.g. task dispa...

G06F 9/485   Task life-cycle, e.g. stopp...

H04L 63/101   Access control lists [ACL]

H04L 63/12   Applying verification of th...

Y10S 707/99931   Database or file accessing

Clustered file systems for mix of trusted and untrusted nodes

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Clustered file systems for mix of trusted and untrusted nodes

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links