Security and Integrity in Linux Filesystems.

Alejandro Sanchez Acosta
asanchez@gnu.org
Linux Introduction.
Introduction.
● What's free software?
● What is the Linux kernel?
● A little history of the Linux kernel.
● Architecture portability.
● Linux maintenance.
● General ideas.
Filesystem Sources.
Filesystem sources.
● fs/
● Superblock, aio, acls, file, file_table, inode, attr, quota...
● binfmt*
● adfs, affs, afs, autofs, befs, bfs, coda, cramfs, ramfs, devfs, devpts, hfs, hpfs, qnx4, umsdos, vfat, xfs, jfs, isofs, hugetlbfs, minix, romfs, ...
Filesystem Introduction.
Filesystem Introduction.
● What's a filesystem?
● Management through the VFS layer.
● procfs.
● sysfs.
● relayfs.
● udev and hotplugging.
What's a Filesystem?
● A place to store data on disk.
● Superblock.
● Inodes.
● Directory entries.
● Files.
Filesystem Form with VFS
● Superblock and sb_ops.
● Inode and inode_ops.
● File and file_operations.
● register_filesystem.
● Mounting a filesystem.
● Accessing filesystem data via the defined syscalls.
Better-Known Filesystems.
● ext2/ext3
● JFS
● Reiser3 and Reiser4.
● XFS
● NTFS
● UDF
● Distributed filesystems: NFS, Coda, SMB, AFS.
The future of filesystems.
● More object-oriented (OO).
● Modularity via plugins.
● Faster data searching.
● Encryption and compression support.
● More robust algorithms.
● Better storage.
Reiserfs4 Overview.
Basic semantics.
● Files.
● Names and objects.
● Namespaces and interfaces.
● Directories.
● Security attributes.
Trees concepts.
● Set of nodes.
● Fanout.
● Finite and infinite trees.
● Keys to identify objects.
● Node structure.
● Item structure.
Trees design.
● Height or space balanced.
● B and B+ trees.
● Htrees.
● Positional trees.
● Dancing trees.
● Cache design.
Nodes.
● Identified by a key.
● Formatted and unformatted.
● Leaf and twig nodes.
● Items: the collections inside a node that store data.
● Units: the data that we put into an item.
Storing Data.
● Graphs and dancing trees.
● Separate layers: semantic and storage.
● BLOBs and extents.
Atomic filesystem
● Brief history of filesystem crashes.
● Filesystem checkers.
● Reducing the damage with atomic operations.
● Journaled location.
● Committing allocation.
Repacker.
● 80% remains unchanged on disk.
● Ordering the tree.
● Sort the tree and pack it perfectly.
● Eliminates possible fragmentation.
Journaling.
● Location on disk: journal/log.
● Committed area.
● Problem: data is written twice.
● Metadata journaling.
● Solution: wandering logging.
● Committing and the transactional layer.
● Copy-on-capture and steal-on-capture.
Distributed Filesystem.
WAFL.
● Distributed filesystem.
● Used in network appliances.
● Snapshots.
● Copy-on-write.
● Large files, NFS, high performance and a quick restart.
Plugins design.
● File, directory and hash.
● Security.
● Item.
● Key assignment.
● Node and item search.
● Still not dynamically loaded.
Reiser future.
● Cryptography and compression.
● Quota support.
● Dynamic plugins.
● Distributed filesystem.
● Encryption on commit.
Security in filesystems.
Basic Policies.
● Credentials.
● Capabilities.
● ACLs.
● Attributes.
● Metadata.
Security in filesystems.
● Filesystem and swap crypto.
● CryptoAPI support.
● LSM hooks for file access.
● File capabilities.
CryptoAPI.
● Cryptography in kernel space.
● Use of scatterlists.
● Implementation of private-key cryptography and hashing (ciphers and digests).
● Examples: MD4, MD5, DES, AES, Blowfish, Twofish, ...
● Patent-free (IDEA in 2011? :-) and standardised.
● Needed for IPv6, packet encryption.
● Module signing.
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <linux/errno.h>

/* MD5 over two non-contiguous buffers with the 2.6-era CryptoAPI: allocate a
 * transform (tfm) by algorithm name, describe the data with scatterlists,
 * run init/update/final and free the transform again. */
static int md5_two_buffers(const void *a, unsigned int alen,
                           const void *b, unsigned int blen, u8 *result)
{
    struct scatterlist sg[2];
    struct crypto_tfm *tfm;

    tfm = crypto_alloc_tfm("md5", 0);
    if (tfm == NULL)
          return -ENOMEM;

    /* Fill in the scatterlists: one entry per buffer */
    sg_set_buf(&sg[0], a, alen);
    sg_set_buf(&sg[1], b, blen);

    crypto_digest_init(tfm);
    crypto_digest_update(tfm, sg, 2);   /* sg, not &sg: pass the array itself */
    crypto_digest_final(tfm, result);   /* result must hold 16 bytes for MD5 */

    crypto_free_tfm(tfm);
    return 0;
}
Cryptoloop.
● Initialise the pool with dd.
● Load the cipher.
● losetup -e twofish /dev/loop0 /pool
● Keysize and password.
● Create a filesystem on the loop device.
● Mount it over the loop device.
● Unmount the filesystem and detach the loop device.
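The Cryptoloop procedure above as one script, added here as an example and not part of the original deck. It assumes the legacy cryptoloop and twofish kernel modules are available (cryptoloop has since been deprecated in favour of dm-crypt), /pool, /dev/loop0 and /mnt/secure are placeholder paths, and without --run it only prints the planned steps.

```shell
#!/bin/sh
# Added example, not from the original deck: the Cryptoloop slide as one script.
# Placeholders: /pool, /dev/loop0, /mnt/secure. Assumes the legacy cryptoloop
# and twofish kernel modules are available.
POOL=${POOL:-/pool}
LOOPDEV=${LOOPDEV:-/dev/loop0}
MNT=${MNT:-/mnt/secure}
CIPHER=${CIPHER:-twofish}
SIZE_MB=${SIZE_MB:-64}

# Each step is a function that prints the command it stands for, so the plan
# can be reviewed before anything is executed as root.

# 1. Initialise the pool with dd. A random fill (rather than zeros) means the
#    container does not reveal which blocks later hold ciphertext.
cmd_init_pool()   { echo "dd if=/dev/urandom of=$POOL bs=1M count=$SIZE_MB"; }
# 2. Load the cipher: the cryptoloop transfer module plus the cipher itself.
cmd_load_cipher() { echo "modprobe cryptoloop && modprobe $CIPHER"; }
# 3. Attach the loop device with encryption. losetup -e prompts for the
#    passphrase the key is derived from (the "keysize and password" step).
cmd_losetup()     { echo "losetup -e $CIPHER $LOOPDEV $POOL"; }
# 4. Create a filesystem on the encrypted loop device.
cmd_mkfs()        { echo "mkfs.ext3 $LOOPDEV"; }
# 5. Mount it over the loop device.
cmd_mount()       { echo "mount $LOOPDEV $MNT"; }
# 6. Unmount and detach, so the key no longer lives in the kernel.
cmd_umount()      { echo "umount $MNT && losetup -d $LOOPDEV"; }

# The whole plan in slide order, one command per line.
cryptoloop_plan() {
    cmd_init_pool
    cmd_load_cipher
    cmd_losetup
    cmd_mkfs
    cmd_mount
    cmd_umount
}

run_step() { echo "+ $1"; sh -c "$1"; }

cryptoloop_run() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    # If a later step fails, detach the loop device rather than leave an
    # encrypted mapping (and its key) active.
    trap 'losetup -d "$LOOPDEV" 2>/dev/null || true' EXIT
    run_step "$(cmd_init_pool)"
    run_step "$(cmd_load_cipher)"
    run_step "$(cmd_losetup)"
    run_step "$(cmd_mkfs)"
    mkdir -p "$MNT"
    run_step "$(cmd_mount)"
    # Check: the loop device should now report an active mapping.
    losetup "$LOOPDEV"
    run_step "$(cmd_umount)"
}

case "${1:-}" in
    --run) cryptoloop_run ;;
    *)     cryptoloop_plan ;;   # default: dry run, print the steps only
esac
```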
Benchmarking.
● Contest.
● LTT.
● Linux Test Project.
● Classic benchmarks.
Linux Security Modules.
LSM.
● NSA, SELinux, SGI, Immunix and Janus.
● Capabilities.
● sys_security and security_operations.
● register_security
● selinux_plug_init
● netfilter.
References.
● Kernel development: listas.hispalinux.es
● Kernelnewbies-es and kernelnewbies.
● Kernel Janitors.
● LKML.
● Post-Halloween 2.5.x
● Articles on www.lwn.net about driver porting.
● Translations at es.gnu.org/~alejandro.
Questions?
Security and Integrity in Linux Filesystems.

Alejandro Sanchez Acosta
asanchez@gnu.org
