1. Technical Field
The present invention relates in general to network systems and in particular to distributed filesystems. Still more particularly, the present invention relates to security features for access to distributed filesystems.
2. Description of the Related Art
In general purpose computing systems, such as those supporting versions of the Unix operating system (OS), applications may access data stored on disk drives by means of a set of operating system services including a filesystem. A filesystem may be employed by a computer system to organize a large collection of files into individual files and directories of files and to map those files to storage devices such as disks. Filesystems comprise two primary components, the programs that control the physical representation of the files and the files themselves that are stored on the disk.
In a distributed computing environment, a number of computing systems can be interconnected by way of a communication network or other coupling facility and can share files by way of a distributed filesystem. A filesystem exporter is typically executed on the server node (the computing system that controls access to the disk containing the filesystem data), while a filesystem importer is typically executed on the client nodes (other computing systems utilized to access the files on the disk). Accesses to shared files by users on the client nodes are referred to as “remote” accesses. Accesses to shared files made by users on the server node are referred to as “local” accesses.
The network filesystem is stored on a server or node of a network, and the server or node is accessible from client terminals (i.e., user computers) that are typically remotely linked to the network. The actual link may be a wired link, as in a standard Ethernet-based local area network (LAN) or a wireless link, such as a Bluetooth Virtual Private Network (VPN). The process of accessing the filesystem via the client terminals is referred to as “mounting a filesystem.” When a filesystem is mounted, the filesystem's control program reads certain information from the disk concerning the layout of filesystem objects. From this information, the filesystem constructs data structures known as “virtual filesystems” or Vfs's. Each time a file is opened, or made accessible, the filesystem creates a data structure, referred to as a “vnode”, which is chained to the vfs.
Each vnode contains information about a given file and contains references to physical file system data structures. The physical file system data structures contain information such as the owner of the file, the size of the file, the date and time of the file's creation and the location of the blocks of the file on the disk. Filesystems include internal data, called meta-data, to manage files. Meta-data may include data that indicates: where each data block of a file is stored; where memory-modified versions of a file are stored; and the permissions and owners of a file.
With more and more companies using remote/network-accessible distributed filesystems to electronically store and later retrieve files/documents, including some with sensitive information, security of distributed filesystems is becoming increasingly important. The IP Security (IPSec) suite of standards was introduced and provides two primary security features: authentication and encryption. In other words, IPSec ensures that sending and receiving machines really are what they claim to be, and IPSec enables data to be scrambled in flight so the data will be incomprehensible if intercepted.
Most systems thus require an authentication of the user during the initial mount, which typically includes verifying user-passwords, etc. However, password-protection and similar security measures are notorious for being open to cracking and can easily be compromised, and the industry has recognized that password-protected systems offer very little protection to sensitive files once general access to the filesystem is obtained.
More advanced hackers also gain access to the files stored on the filesystem by tapping into a transmission during an authorized mount and simply copying the data as it is being transmitted from filesystem to client system. This occurs because, with most password-protected distributed filesystems, once the several levels of security log-in (password verification, etc) are completed, the actual transmission of the files from the filesystem occurs in clear text. Thus, when the transmission includes very sensitive data, additional security measures are required to ensure that the clear text data is not available by simply copying the file during transmission.
The ease at which the security of the sensitive information may be compromised via this latter method depends to some extent on the medium being utilized by authorized users to mount/access the filesystem. For example, wireless access/transmission is typically more prone to eavesdropping and cracking that wire-full (wired) network media. However, even the standard Ethernet can easily be breached without detection, and thus the standard Ethernet is also an unsafe option for routing sensitive data.
As mentioned above, the industry has responded to the growing need for security on the transmission medium by imposing heavy encryption on all transmitted data during a mount of the filesystem. Currently, there are several encryption algorithms and standards (e.g., wireless transport layer security) designed to provide security for the transmissions between client system/node and the server hosting the filesystem. Utilization of heavy encryption requires placing a heavy processing burden on the client system and the server for all traffic. The overall performance of the system is degraded, and significant costs are incurred by companies that wish to implement system-wide encryption for access to their filesystem. Encryption is built into the communication mechanisms and applied to all traffic between client system and server although the majority of traffic may not require that level of security (e.g., non-sensitive information/files).
The utilization of wireless systems to access filesystems is increasing as companies provide remote access to users who may be mobile and wish to connect to the network remotely. Wireless connections are, however, more susceptible to cracking than wired connections. Some wireless users use WTLS, but this security feature is known to be a relatively weak level of security. One solution requires a Virtual Private Network (VPN) data encapsulation/encryption to access sensitive data, even when the majority of clients are accessing the filesystem via token ring. This VPN data encapsulation would further negatively impact the speed of the servers as they encrypt and decrypt all data.
It is also possible to configure VPNs or servers on a VPN to recognize IP addresses or subnets and only require encryption on certain subnets. One problem with this solution is that the administrator of the distributed filesystem server must have knowledge of every wireless node that is not within the network. If a wireless network is set up by an organization within their department, the server administrator would need to be made aware of the wireless network so that the subnet could be added to the VPN list of IP addresses.
In light of the foregoing, the present invention recognizes that it would be desirable to have a method, system and data processing system that dynamically implements enhanced mount security when access to sensitive files on a distributed filesystem is requested. A method and system that would automatically provide a secure mount whenever sensitive file/data are about to be accessed during an ongoing session would be a welcomed improvement. It would be further desirable if the secure mount was completed in a seamless manner so that the authorized user receives access to the sensitive file without experiencing a disconnect and re-mount authentication process, while the sensitive file is shielded from unauthorized capture by routing the sensitive file via the more secure mount.