DOC PREVIEW
Berkeley COMPSCI 162 - Lecture 25 Protection and Security in Distributed Systems

This preview shows page 1-2-15-16-31-32 out of 32 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 32 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

CS162 Operating Systems and Systems Programming Lecture 25 Protection and Security in Distributed SystemsReview: Use of caching to reduce network loadGoals for TodayNetwork File System (NFS)NFS ContinuedNFS Cache consistencySequential Ordering ConstraintsNFS Pros and ConsAndrew File SystemAndrew File System (con’t)World Wide WebWWW Proxy CachesAdministriviaProtection vs SecurityPreventing MisuseAuthentication: Identifying UsersPasswords: SecrecyPasswords: How easy to guess?Passwords: Making harder to crackPasswords: Making harder to crack (con’t)Authentication in Distributed SystemsPrivate Key CryptographyKey DistributionAuthentication Server ContinuedPublic Key EncryptionPublic Key Encryption DetailsSecure Hash FunctionUse of Hash FunctionsSignatures/Certificate AuthoritiesSecurity through SSLSSL PitfallsConclusionCS162Operating Systems andSystems ProgrammingLecture 25Protection and Security in Distributed SystemsNovember 28, 2007Prof. John Kubiatowiczhttp://inst.eecs.berkeley.edu/~cs162Lec 25.211/28/07 Kubiatowicz CS162 ©UCB Fall 2007ServercacheF1:V1F1:V2Review: Use of caching to reduce network loadRead (RPC)Return (Data)Write (RPC)ACKClientcacheClientcache•Idea: Use caching to reduce network load–In practice: use buffer cache at source and destination•Advantage: if open/read/write/close can be done locally, don’t need to do any network traffic…fast!•Problems: –Failure:»Client caches have data not committed at server–Cache consistency!»Client caches not consistent with server/each otherF1:V1F1:V2read(f1)write(f1)V1read(f1)V1read(f1)V1OKread(f1)V1read(f1)V2Lec 25.311/28/07 Kubiatowicz CS162 ©UCB Fall 2007Goals for Today•Finish discussing distributed file systems/Caching•Security Mechanisms–Authentication–Authorization–Enforcement•Cryptographic MechanismsNote: Some slides and/or pictures in the following areadapted from slides ©2005 Silberschatz, Galvin, and Gagne Note: Some slides and/or pictures in the following areadapted from slides ©2005 Silberschatz, Galvin, and Gagne. Many slides generated from my lecture notes by Kubiatowicz.Lec 25.411/28/07 Kubiatowicz CS162 ©UCB Fall 2007Network File System (NFS)•Three Layers for NFS system–UNIX file-system interface: open, read, write, close calls + file descriptors–VFS layer: distinguishes local from remote files»Calls the NFS protocol procedures for remote requests–NFS service layer: bottom layer of the architecture»Implements the NFS protocol•NFS Protocol: RPC for file operations on server–Reading/searching a directory –manipulating links and directories –accessing file attributes/reading and writing files•Write-through caching: Modified data committed to server’s disk before results are returned to the client –lose some of the advantages of caching–time to perform write() can be long–Need some mechanism for readers to eventually notice changes! (more on this later)Lec 25.511/28/07 Kubiatowicz CS162 ©UCB Fall 2007NFS Continued•NFS servers are stateless; each request provides all arguments require for execution–E.g. reads include information for entire operation, such as ReadAt(inumber,position), not Read(openfile)–No need to perform network open() or close() on file – each operation stands on its own•Idempotent: Performing requests multiple times has same effect as performing it exactly once–Example: Server crashes between disk I/O and message send, client resend read, server does operation again–Example: Read and write file blocks: just re-read or re-write file block – no side effects–Example: What about “remove”? NFS does operation twice and second time returns an advisory error •Failure Model: Transparent to client system–Is this a good idea? What if you are in the middle of reading a file and server crashes? –Options (NFS Provides both):»Hang until server comes back up (next week?)»Return an error. (Of course, most applications don’t know they are talking over network)Lec 25.611/28/07 Kubiatowicz CS162 ©UCB Fall 2007•NFS protocol: weak consistency–Client polls server periodically to check for changes»Polls server if data hasn’t been checked in last 3-30 seconds (exact timeout it tunable parameter).»Thus, when file is changed on one client, server is notified, but other clients use old version of file until timeout.–What if multiple clients write to same file? »In NFS, can get either version (or parts of both)»Completely arbitrary!cacheF1:V2ServerWrite (RPC)ACKClientcacheClientcacheF1:V1F1:V2F1:V2NFS Cache consistencyF1 still ok?No: (F1:V2)Lec 25.711/28/07 Kubiatowicz CS162 ©UCB Fall 2007•What sort of cache coherence might we expect?–i.e. what if one CPU changes file, and before it’s done, another CPU reads file?•Example: Start with file contents = “A”•What would we actually want?–Assume we want distributed system to behave exactly the same as if all processes are running on single system»If read finishes before write starts, get old copy»If read starts after write finishes, get new copy»Otherwise, get either new or old copy–For NFS:»If read starts more than 30 seconds after write, get new copy; otherwise, could get partial updateSequential Ordering ConstraintsRead: gets ARead: gets A or BWrite BWrite CRead: parts of B or CClient 1:Client 2:Client 3:Read: parts of B or CTimeLec 25.811/28/07 Kubiatowicz CS162 ©UCB Fall 2007NFS Pros and Cons•NFS Pros:–Simple, Highly portable•NFS Cons:–Sometimes inconsistent!–Doesn’t scale to large # clients»Must keep checking to see if caches out of date»Server becomes bottleneck due to polling trafficLec 25.911/28/07 Kubiatowicz CS162 ©UCB Fall 2007Andrew File System•Andrew File System (AFS, late 80’s)  DCE DFS (commercial product)•Callbacks: Server records who has copy of file–On changes, server immediately tells all with old copy–No polling bandwidth (continuous checking) needed•Write through on close–Changes not propagated to server until close()–Session semantics: updates visible to other clients only after the file is closed»As a result, do not get partial writes: all or nothing!»Although, for processes on local machine, updates visible immediately to other programs who have file open•In AFS, everyone who has file open sees old version–Don’t get newer versions until reopen fileLec 25.1011/28/07 Kubiatowicz CS162 ©UCB Fall 2007Andrew File System (con’t)•Data cached on local disk of client as


View Full Document

Berkeley COMPSCI 162 - Lecture 25 Protection and Security in Distributed Systems

Documents in this Course
Lecture 1

Lecture 1

12 pages

Nachos

Nachos

41 pages

Security

Security

39 pages

Load more
Download Lecture 25 Protection and Security in Distributed Systems
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture 25 Protection and Security in Distributed Systems and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture 25 Protection and Security in Distributed Systems 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?