
    ISCSI: User authentication vs. Machine Authentication for iSCSI


    • To: "Ips@Ece. Cmu. Edu" <ips@ece.cmu.edu>
    • Subject: ISCSI: User authentication vs. Machine Authentication for iSCSI
    • From: "Bill Strahm" <bill@sanera.net>
    • Date: Wed, 29 Aug 2001 08:40:54 -0700
    • Content-Transfer-Encoding: 7bit
    • Content-Type: text/plain;charset="iso-8859-1"
    • Importance: Normal
    • Sender: owner-ips@ece.cmu.edu

    I have been fighting with this problem since I left LA.
    
    I am not aware of any usage scenarios today where block devices are owned by
    the user rather than the machine.  I will concede that in many instances the
    first thing the system does is assign the resource to a use (tape, scanner,
    etc.) but the machine still owns the resource and can in fact remove it out
    from under the user...
    
    I am not too certain how I could build a trusted iSCSI environment where one
    user would have no knowledge about what was happening with other users in a
    malicious environment (especially where a system was participating in the
    exposure of resources).  Examples of this include things like co-located Web
    hosting where a single user scans process memory looking for 1Kbit of random
    data, and when finding it attempts to determine if that is the private key
    of a user sharing the resource.
    
    The reason I am bringing this up is that I am not sure trying to define security
    above the machine level makes any sense for iSCSI.  Aren't most SCSI devices
    owned by the Operating System not the User and partitioned out by the
    Operating System to the users?  If this is the case many of our
    authentication methods simplify to simple IKE identities.
    
    Bill
    
    


Last updated: Tue Sep 04 01:03:51 2001