Device Sharing

rdv at ISI.EDU rdv at ISI.EDU
Sat Mar 1 10:18:28 PST 1997


* From the SCSI Reflector (scsi at symbios.com), posted by:
* rdv at ISI.EDU
*
Cogent comments, and it's true that what I wrote could be
misconstrued.

I was thinking of security in large multi-initiator systems, where it
may be desirable to limit access to devices to a subset of the hosts
on the interconnect.  I view this as an especially important problem
as general-purpose LANs and I/O LANs merge, a trend I consider quite
likely (though I realize others do not).

Questions that have to be asked:

* Do user processes on hosts have access to an API that will allow
  them to send arbitrary packets across the LAN?  If so, how can I
  stop them from sending command packets to the devices?

* Do I trust even the kernels on some of the workstations on this
  LAN?  If not, how will I stop them from sending unauthorized
  commands to the devices?

* In light of the above, do we need a more complex access control
  model than RESERVE/RELEASE can provide?

* What is the correct type of interface for network-attached
  storage devices to present?  File (NFS) or block (SCSI)? (Personally,
  I vote for the latter, but other researchers consider the former
  more appropriate.)

Don't get me wrong, I'm not attempting to denigrate, much less
subvert, the work that has gone on so far on SBP-2 and other
protocols.  It is important and timely, and effective in small
multi-initiator I/O-dedicated LANs, which is by far the predominant
use of such LANs today and in the near future.

However, in our Netstation research, we're looking a step farther out, 
and we believe that these approaches will ultimately prove inadequate
in larger, more unsafe and more heterogeneous environments.  It's
those questions we're trying to address.

I think most of the people on these lists recognize these issues, but
are rightly concentrating on more immediate problems.  I think it does 
us good to occasionally step back and look at the longer term picture, 
though.

Many of you are probably aware of it, but now's probably the time to
put in a plug for the National Storage Industry Consortium's
Network-attached Storage Device (NASD) working group, which I'm only
informally allied with:

http://www.hpl.hp.com/SSP/NASD/

Garth Gibson's group at CMU is doing excellent work, and you'll find
good pointers to other research groups there, as well:

http://www.cs.cmu.edu/Groups/NASD/

Rather than cluttering the entire reflector with this, it's probably
time to take this private; send me email if you're interested in
continuing the discussion.

				--Rod

****************************************************************************
Rod Van Meter USC/ISI rdv at isi.edu,rdv at alumni.caltech.edu +1(310)822-1511x417
****************************************************************************
No trace of slavery ought to mix with the studies of the freeborn man. . . .
No study, pursued under compulsion, remains rooted in the memory.
Plato (c. 427-347 B.C.), Greek philosopher. Socrates, in The Republic, bk. 7,
sct. 536
*
* For SCSI Reflector information, send a message with
* 'info scsi' (no quotes) in the message body to majordomo at symbios.com




More information about the T10 mailing list