Method for extending the fragment mapping protocol to prevent malicious access to virtualized storage
Abstract
Extensions to the Fragment Mapping Protocol are introduced which protect a disk array from malicious client access by exporting file system access information to the storage device. FMP requests received at the storage device can be authorized at a block granularity prior to completion, thereby limiting the exposure of the disk array to malicious clients. Client authorizations can be cached at the storage device to enable the permissions to be quickly extracted for subsequent client accesses to pre-authorized volumes.
17 Claims
1. A file server for serving a file system, the file server comprising:
an interface configured to receive a query from a storage device to validate a request made by a client device to access a file from the storage device, the query including a user identifier and a file location associated with the file access request; and
a non-transitory computer usable medium having a computer readable program code, said computer readable program code including:
a reverse map configured to translate the file location into a file descriptor, the file descriptor being used to obtain meta-data corresponding to the file; and
a permission query handler, operative to determine, in response to the meta-data and access information associated with the file descriptor, whether the client device associated with the user identifier is authorized to access the file,
the interface configured to send a determination indication to the storage device in order to prompt the storage device to allow the client device to access the file only if the client device is authorized to access the file.
Dependent claims: 2, 3, 4, 5.
6. An apparatus comprising:
a storage interface configured to communicate with a plurality of storage devices;
a client interface configured to communicate with a plurality of clients seeking access to the plurality of storage devices, including to receive a request from a coupled client device to access an extent of data from the storage devices;
a network interface configured to communicate with a file server which services a file system associated with files maintained on the storage devices; and
a non-transitory computer usable medium having a computer readable program code, said computer readable program code including a permission query module, coupled to the client interface and the network interface, for generating a query to the file server in response to receipt of the request from the coupled client device, the request including a client identifier and a location of the extent of data, the query including the client identifier and the location of the extent of data associated with the access request,
the file server being configured to use the query to retrieve access information for the coupled client for the location of the extent of data and return the access information to the apparatus,
the apparatus allowing the coupled client to access the extent of data only if the coupled client is authorized to access the extent of data.
Dependent claims: 7, 8.
9. A method for controlling access to a storage array comprising:
receiving, at a storage device, a request from a client to initiate an access to an extent comprising one or more blocks on the storage device;
generating, at the storage device, a query corresponding to the request, the query including a user identifier corresponding to the client and a storage location associated with the access request;
forwarding the query from the storage device to a file server servicing a file system associated with the request, the query to determine whether the client is authorized for the access;
receiving the query at the file server;
determining, at the file server, whether the client is authorized to access the one or more blocks by using the storage location, the user identifier and the file system;
responding, from the file server to the storage device, to the query with an indication of whether the client is authorized to access the extent; and
selectively permitting, at the storage device, the client to access the extent based on the indication in the response from the file server to the query.
Dependent claims: 10, 11, 12, 13.
14. A method of validating access rights to a storage device comprising:
receiving, by a server from the storage device, a permission query associated with a request sent from a client to the storage device to access data from the storage device, the permission query identifying the client, a location of the data, and a type of access;
reverse mapping the location of the data into a file descriptor associated with a file at the location of the data;
retrieving access information for the file using the file descriptor;
determining whether the client identified in the query has permission to perform the type of access identified in the query on the file; and
responding, from the server to the storage device, to the permission query with an indication of whether the client has permission to perform the type of access identified in the query on the file.
Dependent claims: 15, 16, 17.
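The exchange the abstract describes, and that claims 9 and 14 spell out as steps (request arrives at the array; the array queries the file server with a user identifier, a block location and an access type; the file server reverse-maps the location to a file descriptor, checks the file's access information and returns an indication; the array serves the blocks only on a positive answer and caches the grant), as an added example that is not part of the patent and not code from any product implementing it. It is a Python model in which POSIX-style mode bits stand in for the file system's access information, every file occupies one contiguous extent, each block is one byte, and a chmod hook on the file server clears cached grants; all names, message shapes and the scenario in demo() are assumptions made for the illustration.

```python
# Added example, not the patent's own code: a model of the permission-query
# exchange in the abstract and claims 9 and 14.  Everything here is assumed:
# mode bits as "access information", one extent per file, one byte per block.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple, Union

READ, WRITE = "read", "write"

@dataclass
class Inode:
    ino: int
    uid: int                  # owning user
    gid: int                  # owning group
    mode: int                 # permission bits, e.g. 0o640
    extent: Tuple[int, int]   # first and last block, inclusive

class FileServer:
    """Owns the file system metadata and answers the array's queries (claim 14)."""
    def __init__(self, inodes: List[Inode], groups: Dict[int, FrozenSet[int]]):
        self.inodes = {i.ino: i for i in inodes}
        self.groups = groups              # uid -> group ids the user belongs to
        self.devices, self.queries = [], 0   # attached arrays, query counter
        # Reverse map block -> inode: the "reverse mapping" step of claim 14.
        self.block_to_ino: Dict[int, int] = {}
        for i in inodes:
            for b in range(i.extent[0], i.extent[1] + 1):
                self.block_to_ino[b] = i.ino

    def _allows(self, inode: Inode, uid: int, access: str) -> bool:
        bit = 4 if access == READ else 2
        if uid == inode.uid:
            return bool(inode.mode & (bit << 6))
        if inode.gid in self.groups[uid]:
            return bool(inode.mode & (bit << 3))
        return bool(inode.mode & bit)

    def permission_query(self, uid: int, first: int, nblocks: int,
                         access: str) -> Tuple[bool, Optional[Tuple[int, int]]]:
        """Return (authorized, extent the array may cache)."""
        self.queries += 1
        inos = {self.block_to_ino.get(b) for b in range(first, first + nblocks)}
        if uid not in self.groups or None in inos:   # unknown user or unallocated block
            return False, None
        if not all(self._allows(self.inodes[i], uid, access) for i in inos):
            return False, None                       # every file touched must allow it
        if len(inos) == 1:                           # pre-authorize the whole file
            return True, self.inodes[next(iter(inos))].extent
        return True, (first, first + nblocks - 1)

    def chmod(self, ino: int, mode: int) -> None:
        """Permission change: grants cached on the array are now stale."""
        self.inodes[ino].mode = mode
        for dev in self.devices:
            dev.cache.clear()

class StorageDevice:
    """The disk array: forwards a block request as a query and caches grants (claim 9)."""
    def __init__(self, server: FileServer, blocks: bytearray):
        self.server, self.blocks = server, blocks    # one byte per block
        self.cache: Dict[Tuple[int, str], List[Tuple[int, int]]] = {}
        server.devices.append(self)

    def handle_request(self, uid: int, first: int, nblocks: int, access: str,
                       data: bytes = b"") -> Union[bytes, str]:
        last = first + nblocks - 1
        if not any(lo <= first and last <= hi
                   for lo, hi in self.cache.get((uid, access), [])):
            ok, extent = self.server.permission_query(uid, first, nblocks, access)
            if not ok:
                return "EACCES"
            self.cache.setdefault((uid, access), []).append(extent)
        if access == READ:
            return bytes(self.blocks[first:last + 1])
        if len(data) != nblocks:
            return "EINVAL"
        self.blocks[first:last + 1] = data
        return "OK"

def demo() -> Dict[str, Union[bytes, str, int]]:
    """Constructed scenario: two files on a 16-block array, users 1000 (alice) and 1001 (bob)."""
    fs = FileServer(
        [Inode(1, uid=1000, gid=100, mode=0o640, extent=(0, 3)),   # alice's file
         Inode(2, uid=1001, gid=200, mode=0o600, extent=(4, 7))],  # bob's file
        {1000: frozenset({100}), 1001: frozenset({100, 200})})
    array = StorageDevice(fs, bytearray(range(16)))
    out: Dict[str, Union[bytes, str, int]] = {}
    out["alice_read_own"] = array.handle_request(1000, 0, 2, READ)
    out["alice_read_cached"] = array.handle_request(1000, 2, 2, READ)   # no second query
    out["queries_after_two_reads"] = fs.queries
    out["bob_read_via_group"] = array.handle_request(1001, 2, 1, READ)
    out["bob_write_alice"] = array.handle_request(1001, 2, 1, WRITE, b"\xff")
    out["alice_read_bob"] = array.handle_request(1000, 4, 1, READ)
    out["alice_spans_two_files"] = array.handle_request(1000, 3, 2, READ)
    out["unallocated"] = array.handle_request(1001, 8, 1, READ)
    out["alice_write_own"] = array.handle_request(1000, 1, 1, WRITE, b"\xaa")
    fs.chmod(1, 0o600)                                                  # revoke group read
    out["bob_after_chmod"] = array.handle_request(1001, 2, 1, READ)
    return out
```

Three behaviours in the model go beyond the claim language and are the ones a practitioner would want pinned down. An extent that straddles two files is granted only if every file it touches permits the access type; a block that maps to no file is refused rather than served, since a reverse map that comes back empty is exactly what a client probing unallocated space produces; and the grant cache at the array is keyed by user and access type and is cleared when the file server changes a mode, because a cached grant otherwise outlives the permission it was derived from.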