Filenail
- 7 December 2020
- conference paper
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 2020 6th International Workshop on Container Technologies and Container Clouds
Abstract
The use of filesystems has become a standard, with a purpose well beyond just storing and accessing application data. For instance, common system security and compliance operations, sush as software or package installation, system and application configurations or process management also leverage a filesystem. Over decades, various system management and security tools have been designed to access system state and to implement their respective functions through a file interface. However, we observe that these tools do not require access to all the files in the filesystem and in some cases they can even work with incomplete file contents. Motivated by these observations, we propose filenail (or Filesystem Thumbnail) a system that exercises an incomplete filesystem state marshalling and un-marshalling protocol. We discuss the use of filenail to implement an effective and optimal disaggregated solution to perform common system security tasks for container clouds. In general, depending on the use-case not all the files in the filesystem are equal and that incomplete filesystem state can be often enough. The results of this paper show filenail is very efficient in capturing and transferring filesystem state of systems and enables implementing disaggregated security solutions in the cloud.Keywords
This publication has 14 references indexed in Scilit:
- DéjàVuPublished by Association for Computing Machinery (ACM) ,2018
- DrishtiPublished by Association for Computing Machinery (ACM) ,2018
- Usable declarative configuration specification and validation for applications, systems, and cloudPublished by Association for Computing Machinery (ACM) ,2017
- OpvisPublished by Association for Computing Machinery (ACM) ,2017
- Voyager: Complete Container State MigrationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2017
- EXTERIORACM SIGPLAN Notices, 2013
- 12MAP: Cloud Disaster Recovery Based on Image-Instance MappingLecture Notes in Computer Science, 2013
- Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data RedirectionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- LithiumPublished by Association for Computing Machinery (ACM) ,2010
- XCPU: a new, 9p-based, process management system for clusters and gridsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006