Posixly secure open and access files by inode number

US 9,824,233 B2
Filed: 11/17/2015
Issued: 11/21/2017
Est. Priority Date: 11/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a process executed by a processor, a request for a ticket for traversing a file system;

generating, by the process, a secure key for a unique handle based on the request for the ticket;

generating an authentication code for the ticket using a numeric file identifier and the secure key;

in response to reading a directory with portable operating system interface (POSIX) x (execute) and r (read) permissions according to directory permission bits or an access control list (ACL), returning the ticket including ticket information comprising the numeric file identifier, generation information and the authentication code;

in response to a request to open a directory, validating the ticket information based on the secure key by;

regenerating the authentication code using the numeric file identifier, the generation information and the secure key, and comparing the authentication code with the regenerated authentication code;

opening a directory for reading using the validated ticket information and the unique handle; and

generating a plurality of tickets for the unique handle for access to a block of elements.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure portable operating system interface (POSIX) directory traversing for opening and accessing files by inode number. The method includes receiving, by a process executed by a processor, a request for a ticket for traversing a file system. The process generates a secure key for a unique handle object based on the request for the ticket. An authentication code is generated for the ticket using a numeric file identifier and the secure key. In response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), the ticket is returned including ticket information including the numeric file identifier, generation information and the authentication code. In response to a request to open a directory, the ticket information is validated based on the secure key. A directory is opened for reading using the validated ticket information and the unique handle.

29 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, by a process executed by a processor, a request for a ticket for traversing a file system;
  
  generating, by the process, a secure key for a unique handle based on the request for the ticket;
  
  generating an authentication code for the ticket using a numeric file identifier and the secure key;
  
  in response to reading a directory with portable operating system interface (POSIX) x (execute) and r (read) permissions according to directory permission bits or an access control list (ACL), returning the ticket including ticket information comprising the numeric file identifier, generation information and the authentication code;
  
  in response to a request to open a directory, validating the ticket information based on the secure key by;
  
  regenerating the authentication code using the numeric file identifier, the generation information and the secure key, and comparing the authentication code with the regenerated authentication code;
  
  opening a directory for reading using the validated ticket information and the unique handle; and
  
  generating a plurality of tickets for the unique handle for access to a block of elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - in response to a failure of validating the ticket information, revoking the unique handle.
  - 3. The method of claim 2, further comprising:
    - for the block of elements comprising a block of inodes;
      
      receiving a list for the block of inodes including the plurality of tickets each including particular ticket information that comprises a particular numeric file identifier, particular generation information and a particular authentication code;
      
      validating the plurality of particular ticket information for each of the plurality of tickets;
      
      filtering inodes of the block of inodes included in the plurality of tickets; and
      
      copying only requested inodes included in the plurality of tickets for which validated particular ticket information exists.
  - 4. The method of claim 3, wherein validating the plurality of particular ticket information comprises passing the list into a read next inodes with tickets process.
  - 5. The method of claim 4, further comprising:
    - creating the list of tickets in a buffer device in a structure having the particular numeric file identifier, the particular generation information and padding for the particular authentication code for placing each inode at a proper memory address boundary, wherein the padding in the structure is selected such that a length of the particular numeric file identifier added to a length of the padding is a length of a basic encryption block; and
      
      encrypting the buffer under the secure key using codebook mode to regenerate the particular authentication codes.
  - 6. The method of claim 1, further comprising:
    - for the block of elements comprising a block of dirents;
      
      receiving a list for the block of dirents including the plurality of tickets each including particular ticket information that comprises a particular numeric file identifier, particular generation information and a particular authentication code;
      
      filtering dirents of the block of dirents included in the plurality of tickets; and
      
      copying only requested dirents included in the plurality of tickets for which validated particular ticket information exists.
  - 7. The method of claim 6, further comprising:
    - operating the process in parallel over multiple computing nodes based on transferring the unique handle to one or more other processes on the multiple computing nodes by;
      
      packaging handle values into a message, wherein the handle values comprise user identification, group identification, the secure key, expiration time, and file system identification; and
      
      encrypting and signing the message using secure sockets layer (SSL) public and private key encryption using security keys used in a particular cluster, wherein a helper process passes the message to its local file system via the process and receives a local handle that has a same function and authorizations as the unique handle.

8. A computer program product for secure portable operating system interface (POSIX) directory traversing for opening and accessing files by inode number, the computer program product comprising a computer readable storage device having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to:
- receive, by the processor, a request for a ticket for traversing a file system;
  
  generate, by the processor, a secure key for a unique handle based on the request for the ticket;
  
  generate, by the processor, an authentication code for the ticket using a numeric file identifier and the secure key;
  
  in response to reading a directory with POSIX x and r permissions according to directory permission bits or an access control list (ACL), return, by the processor, the ticket including ticket information comprising the numeric file identifier, generation information and the authentication code;
  
  in response to a request to open a directory, validate, by the processor, the ticket information based on the secure key by regenerating the authentication code using the numeric file identifier, the generation information and the secure key, and comparing the authentication code with the regenerated authentication code;
  
  open, by the processor, a directory for reading using the validated ticket information and the unique handle; and
  
  generate, by the processor, a plurality of tickets for the unique handle for access to a block of elements.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, further comprising program instructions executable by the processor to cause the processor to:
    - in response to a failure of validating the ticket information, revoke the unique handle.
  - 10. The computer program product of claim 9, further comprising program instructions executable by the processor to cause the processor to:
    - for the block of elements comprising a block of inodes;
      
      generate, by the processor, a plurality of tickets for the unique handle for access to a block of inodes;
      
      receive, by the processor, a list for the block of inodes including the plurality of tickets each including particular ticket information that comprises a particular numeric file identifier, particular generation information and a particular authentication code;
      
      filter, by the processor, inodes of the block of inodes included in the plurality of tickets; and
      
      copy, by the processor, only requested inodes included in the plurality of tickets for which validated particular ticket information exists.
  - 11. The computer program product of claim 10, further comprising program instructions executable by the processor to cause the processor to:
    - create, by the processor, the list of tickets in a buffer device in a structure having the particular numeric file identifier, the particular generation information and padding for the particular authentication code for placing each inode at a proper memory address boundary, wherein the padding in the structure is selected such that a length of the particular numeric file identifier added to a length of the padding is a length of a basic encryption block;
      
      encrypt, by the processor, the buffer under the secure key using codebook mode to regenerate the particular authentication codes.
  - 12. The computer program product of claim 8, further comprising program instructions executable by the processor to cause the processor to:
    - for the block of elements comprising a block of dirents;
      
      generate, by the processor, a plurality of tickets for the unique handle for access to a block of dirents;
      
      receive, by the processor, a list for the block of dirents including the plurality of tickets each including particular ticket information that comprises a particular numeric file identifier, particular generation information and a particular authentication code;
      
      filter, by the processor, dirents of the block of dirents included in the plurality of tickets; and
      
      copy, by the processor, only requested dirents included in the plurality of tickets for which validated particular ticket information exists.
  - 13. The computer program product of claim 8, further comprising program instructions executable by the processor to cause the processor to:
    - operate the process in parallel over multiple computing nodes based on transferring the unique handle to one or more other processes on the multiple computing nodes by;
      
      packaging handle values into a message, wherein the handle values comprise user identification, group identification, the secure key, expiration time, and file system identification; and
      
      encrypting and signing the message using secure sockets layer (SSL) public and private key encryption using security keys used in a particular cluster, wherein a helper process passes the message to its local file system via the process and receives a local handle that has a same function and authorizations as the unique handle.

14. An apparatus comprising:
- a ticket hardware processor configured to receive a request for a ticket for traversing a file system;
  
  a cryptographic hardware processor configured to generate a secure key for a unique handle based on the request for the ticket, and to generate an authentication code for the ticket using a numeric file identifier and the secure key;
  
  the ticket hardware processor further configured to return the ticket including ticket information in response to a request to read a directory with portable operating system interface (POSIX) x (execute) and r (read) permissions according to directory permission bits or an access control list (ACL), wherein the ticket information comprises the numeric file identifier, generation information and the authentication code;
  
  a validation hardware processor configured to validate the ticket information based on the secure key in response to a request to open a directory by;
  
  regenerating the authentication code using the numeric file identifier, the generation information and the secure key, and comparing the authentication code with the regenerated authentication code; and
  
  the ticket hardware processor is further configured to generate a plurality of tickets for the unique handle for access to a block of elements;
  
  wherein a directory of the file system is opened for reading using the validated ticket information and the unique handle.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The apparatus of claim 14, wherein:
    - the cryptographic hardware processor is configured to regenerate the authentication code using the numeric file identifier, the generation information and the secure key; and
      
      in response to a failure of validating the ticket information, the ticket hardware processor is configured to revoke the unique handle.
  - 16. The apparatus of claim 15, wherein:
    - the block of elements comprises a block of inodes;
      
      the ticket hardware processor is configured to generate a plurality of tickets for the unique handle for access to the block of inodes, receive a list for the block of inodes including the plurality of tickets each including particular ticket information that comprises a particular numeric file identifier, particular generation information and a particular authentication code;
      
      the validation hardware processor is configured to filter inodes of the block of inodes included in the plurality of tickets, and copy only requested inodes included in the plurality of tickets for which validated particular ticket information exists.
  - 17. The apparatus of claim 16, wherein:
    - the ticket hardware processor is configured to create the list of tickets in a buffer device in a structure having the particular numeric file identifier, the particular generation information and padding for the particular authentication code for placing each inode at a proper memory address boundary, wherein the padding in the structure is selected such that a length of the particular numeric file identifier added to a length of the padding is a length of a basic encryption block; and
      
      the cryptographic hardware processor is configured to encrypt the buffer under the secure key using codebook mode to regenerate the particular authentication codes.
  - 18. The apparatus of claim 17, wherein:
    - the block of elements comprises a block of dirents;
      
      the ticket hardware processor is configured to generate a plurality of tickets for the unique handle for access to the block of dirents, and receive a list for the block of dirents including the plurality of tickets each including particular ticket information that comprises a particular numeric file identifier, particular generation information and a particular authentication code; and
      
      the validation hardware processor is configured to filter dirents of the block of dirents included in the plurality of tickets, and copy only requested dirents included in the plurality of tickets for which validated particular ticket information exists.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kaplan, Marc A., Sawdon, Wayne A.
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/943,948
Publication Number

US 20170140165A1
Time in Patent Office

735 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

H04L 2209/20   Manipulating the length of ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3242   involving keyed hash functi...

Posixly secure open and access files by inode number

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Posixly secure open and access files by inode number

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links