RE: ISCSI: User authentication vs. Machine Authentication for iSCSI

To: "Ips@Ece. Cmu. Edu" <ips@ece.cmu.edu>
Subject: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
From: Charles Monia <cmonia@NishanSystems.com>
Date: Wed, 29 Aug 2001 15:51:16 -0700
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu

Hi Bill:

Everything you say is right, up to a point. The functionality envisioned is
a virtualization environment in which the operating system, acting on behalf
of a user, instantiates an initiator entity at the bottom of the O/S driver
stack.  That entity in turn, may be logged into a virtualized storage
environment created specifically for that user. Afterwords, all i/o directed
to that initiator is controlled by the standard O/S mechanisms.

All this is analogous to plugging in a new hardware HBA. The powerful
feature in this case is the ability to totally control the 'HBA's' view of
the storage network.

Charles 
> -----Original Message-----
> From: Bill Strahm [mailto:bill@sanera.net]
> Sent: Wednesday, August 29, 2001 2:23 PM
> To: mbakke@cisco.com
> Cc: Ips@Ece. Cmu. Edu
> Subject: RE: ISCSI: User authentication vs. Machine Authentication for
> iSCSI
> 
> 
> I am not sure that helped.  Again, the model of a Tape drive...
> 
> The user does not own the tape drive, the operating system 
> owns the tape
> drive, when I (as a user) wants to use the tape drive, I ask 
> the operating
> system, it grants me access, and I go on.
> 
> In fact from a purely SCSI level, I do not believe there is 
> any concept of a
> user at all, the Operating system on the device provides the 
> concept of a
> user through the OS abstraction layer.
> 
> The problem that I am having is that I do not see how I can make user
> security work through the OS abstraction.  And if the OS HAS 
> to know about
> the multiple users, I now have to trust the OS as well, which 
> means that
> effectively I have one user on the machine anyway...
> 
> Bill
> 
> -----Original Message-----
> From: mbakke@cisco.com [mailto:mbakke@cisco.com]
> Sent: Wednesday, August 29, 2001 2:06 PM
> To: Bill Strahm
> Cc: Ips@Ece. Cmu. Edu
> Subject: Re: ISCSI: User authentication vs. Machine Authentication for
> iSCSI
> 
> 
> Bill Strahm wrote:
> >
> > I have been fighting with this problem since I left LA.
> >
> > I am not aware of any usage scenarios today where block 
> devices are owned
> by
> > the user rather than the machine.  I will conceed that in 
> many instances
> the
> > first thing the system does is assign the resource to a use (tape,
> scanner,
> > etc.) but the machine still owns the resource and can in 
> fact remove it
> out
> > from under the user...
> >
> > I am not to certain how I could build a trusted iSCSI 
> environment where
> one
> > user would have no knowledge about what was happening with 
> other users in
> a
> > malicious environment (especially where a system was 
> participating in the
> > exposure of resourses).  Examples of this include things 
> like co-located
> Web
> > hosting where a single user scans process memory looking 
> for 1Kbit of
> random
> > data, and when finding it attempts to determine if that is 
> the private key
> > of a user sharing the resource.
> >
> > The reason I am bringing this up, is I am not sure trying to define
> security
> > above the machine level makes any sense for iSCSI.  Aren't most SCSI
> devices
> > owned by the Operating System not the User and partitioned 
> out by the
> > Operating System to the users ?  If this is the case many of our
> > authentication methods simplify to simple IKE identities.
> >
> > Bill
> 
> Bill-
> 
> As you pointed out, there is a case where just using IKE with
> an iSCSI AuthMethod of "none" is valid.  That case is where:
> 
> - There a one-to-one correspondence between an initiator and an
>   operating system
> - IPsec is being used for all iSCSI traffic
> - The customer is willing to deploy public key certificates on the
>   client side (for each initiator) as well as on the devices
> 
> If all of the above are true, iSCSI can certainly use an AuthMethod
> of none, and be done with it.
> 
> However,
> 
> - There are cases (David Black brought up some tape 
> applications) where
>   more than one initiator might exist on an operating system
> 
> - IPsec is not likely to be used for a large percentage of iSCSI
>   traffic any time soon
> 
> - When IPsec is used, many customers will have an easier time with the
>   familiar model of authenticating the server "machine" but using a
>   dummy certificate for the client.
> 
> If any of the above are true, iSCSI-level of authentication is
> required.
> 
> Hope this helps,
> 
> Mark
>

Prev by Date: iSCSI: SCSI arch model mapping for iSCSI
Next by Date: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
Prev by thread: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
Next by thread: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:03:51 2001
6315 messages in chronological order