Security and Integrity in Linux Filesystems.

Alejandro Sanchez Acosta
asanchez@gnu.org
Linux Introduction.
Introduction.
● What's free software?
● What is the Linux kernel?
● A little story about the Linux kernel.
● Architecture portability.
● Linux maintenance.
● General ideas.
Filesystem Sources.
Filesystem sources.
● fs/
● Superblock, aio, acls, file, file_table, inode, attr, quota..
● binfmt*
● adfs, affs, afs, autofs, befs, bfs, coda, cramfs, ramfs, devfs, devpts, hfs, hpfs, qnx4, umsdos, vfat, xfs, jfs, isofs, hugetlbfs, minix, romfs, ....
Filesystem Introduction.
● What's a Filesystem?
● Management with the VFS layer.
● Proc fs.
● Sysfs.
● Relayfs.
● Udev and hotplugging.
What's a Filesystem?
● A place to store data on disk.
● Superblock.
● Inodes.
● Directory entries.
● Files.
Filesystem Form with VFS
● Superblock and sb_ops.
● Inode and inode_ops.
● File and file_operations.
● register_filesystem
● Mounting a filesystem
● Accessing filesystem data via the defined syscalls.
More Known Filesystems.
● ext2/ext3
● JFS
● Reiser3 and reiser4.
● XFS
● NTFS
● UDF
● Distributed filesystems: NFS, Coda, SMB, AFS.
The future of filesystems.
● More object-oriented (OO) design.
● Modularity via plugins.
● Faster data searching.
● Encryption and compression support.
● More robust algorithms in use.
● Better storage.
Reiserfs4 Overview.
Basic semantics.
● Files.
● Names and objects.
● Namespaces and interfaces.
● Directories.
● Security attributes.
Tree concepts.
● Set of nodes.
● Fanout.
● Finite and infinite trees.
● Keys to identify objects.
● Node structure.
● Item structure.
Tree design.
● Height or space balanced.
● B and B+ trees.
● HTrees.
● Positional trees.
● Dancing trees.
● Cache design.
Nodes.
● Identified by a key.
● Formatted and unformatted.
● Leaf and twig nodes.
● Items: the collections inside nodes used to store data.
● Units: the data we put into the whole item.
Storing Data.
● Graphs and dancing trees.
● Separate layers: semantic and storage.
● BLOBs and extents.
Atomic filesystem
● Brief history of fs crashes.
● Filesystem checkers.
● Reducing the damage with atomic operations.
● Journaled location.
● Committing allocation.
Repacker.
● 80% remains unchanged on disk.
● Ordering the tree.
● Sort the tree and pack it perfectly.
● Eliminates possible fragmentation.
Journaling.
● Location on disk: journal/log.
● Committed area.
● Problem: data is written twice.
● Metadata journaling.
● Solution: wandering logs.
● Committing and transactional layer.
● Copy-on-capture and steal-on-capture.
Distributed Filesystem.
WAFL.
● Distributed Filesystem
● Used in network appliances.
● Snapshots.
● Copy-on-write.
● Large files, NFS, high performance and a quick restart.
Plugins design.
● File, directory and hash.
● Security.
● Item
● Key assignment.
● Node and item search.
● Still not dynamically loaded.
Reiser future.
● Cryptography and compression.
● Quotas support.
● Dynamic plugins.
● Distributed filesystem.
● Encryption on commit.
Security in filesystems.
Basic Policies.
● Credentials.
● Capabilities.
● ACLs
● Attributes.
● Metadata.
Security in filesystems.
● Filesystem and swap crypto.
● CryptoAPI support.
● LSM hooks for file access.
● File capabilities.
CryptoAPI.
● Cryptography in kernel space.
● Use of scatterlists.
● Implementation of private-key cryptography and hashing (ciphers and digests).
● Examples: MD4, MD5, DES, AES, Blowfish, Twofish, ..
● Patent-free (IDEA in 2011? :-) and standardized.
● Needed for IPv6, packet encryption.
● Module signing.
#include <linux/crypto.h>
#include <linux/errno.h>
#include <linux/mm.h>           /* virt_to_page(), offset_in_page() */
#include <asm/scatterlist.h>

/* MD5 over two buffers using the 2.4/2.6-era CryptoAPI digest interface.
 * Writes the 16-byte digest to out; returns -ENOMEM if no "md5"
 * transform is available (the slide's fail() case). */
static int md5_two_buffers(const void *a, unsigned int alen,
                           const void *b, unsigned int blen, u8 *out)
{
    struct scatterlist sg[2];
    struct crypto_tfm *tfm;

    tfm = crypto_alloc_tfm("md5", 0);
    if (tfm == NULL)
        return -ENOMEM;

    /* Fill in the scatterlists: page, offset within the page, length. */
    sg[0].page   = virt_to_page(a);
    sg[0].offset = offset_in_page(a);
    sg[0].length = alen;
    sg[1].page   = virt_to_page(b);
    sg[1].offset = offset_in_page(b);
    sg[1].length = blen;

    crypto_digest_init(tfm);
    crypto_digest_update(tfm, sg, 2);   /* sg, not &sg: expects struct scatterlist * */
    crypto_digest_final(tfm, out);

    crypto_free_tfm(tfm);
    return 0;
}
Cryptoloop.
● Initialise the pool (container file) with dd.
● Load the cipher.
● losetup -e twofish /dev/loop0 /pool
● Keysize and password.
● Create a filesystem on the loop device.
● Mount it over the loop device.
● Unmount the filesystem and detach the loop device.
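The slide's cryptoloop steps as one script with cleanup on failure, added here as an example and not taken from the deck. It assumes a kernel of that era with the loop, cryptoloop and twofish modules, a losetup that accepts -e <cipher> and prompts for the password, and ext3, /mnt/secret and the 64 MiB size as placeholders; cryptoloop has since been superseded by dm-crypt.

```shell
#!/bin/sh
# Added example (not from the original slides): the Cryptoloop slide's steps
# as one script. Assumed: loop, cryptoloop and twofish kernel modules, a
# losetup accepting -e <cipher> (it prompts for the password), and ext3 as
# the filesystem type. Set RUN=echo to print commands instead of running them.
set -eu

RUN="${RUN:-}"

# Step 1: initialise the container file ("pool") with dd. Random fill means
# unused blocks are indistinguishable from ciphertext once encrypted.
init_pool() {                     # init_pool <file> <size_in_MiB>
    $RUN dd if=/dev/urandom of="$1" bs=1M count="$2"
}

# Steps 2-4: load the cipher, then bind the file to a loop device with
# encryption; the key is derived from the password losetup asks for.
attach_loop() {                   # attach_loop <loopdev> <file> <cipher>
    $RUN modprobe cryptoloop
    $RUN modprobe "$3"
    $RUN losetup -e "$3" "$1" "$2"
}

# Steps 5-6: the filesystem goes on the loop device, never on the file
# itself (writing to the file directly would bypass the cipher).
mkfs_and_mount() {                # mkfs_and_mount <loopdev> <mountpoint>
    $RUN mkfs -t ext3 "$1" && $RUN mount "$1" "$2"
}

# Step 7: unmount and detach; detaching drops the key from the kernel.
detach_loop() {                   # detach_loop <loopdev> <mountpoint>
    $RUN umount "$2" || true      # may already be unmounted on the error path
    $RUN losetup -d "$1"
}

# Whole procedure. If mkfs or mount fails after the loop device is bound,
# detach it so no loop device with a live key is left behind.
cryptoloop_setup() {   # cryptoloop_setup <file> <MiB> <loopdev> <cipher> <mountpoint>
    init_pool "$1" "$2"
    attach_loop "$3" "$1" "$4"
    if ! mkfs_and_mount "$3" "$5"; then
        detach_loop "$3" "$5"
        return 1
    fi
    return 0
}

# Usage: cryptoloop.sh /pool 64 /dev/loop0 twofish /mnt/secret
if [ $# -eq 5 ]; then
    cryptoloop_setup "$@"
fi
```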
Benchmarking.
● Contest.
● LTT.
● Linux Test Project.
● Classic benchmarks.
Linux Security Modules.
LSM.
● NSA, SELinux, SGI, Immunix and Janus.
● Capabilities.
● sys_security and security_operations.
● register_security
● selinux_plug_init
● netfilter.
References.
● Kernel development: listas.hispalinux.es
● Kernelnewbies-es and kernelnewbies.
● Kernel Janitors.
● LKML.
● Post-Halloween 2.5.x document.
● Articles on www.lwn.net about driver porting.
● Translations at es.gnu.org/~alejandro.
Questions?