STORAGE ISOLATION USING I/O AUTHENTICATION

STORAGE ISOLATION USING I/O AUTHENTICATION

Techniques are described for logically isolating data I/O requests from different operating systems (OSes) for a same multi-tenant storage system (MTSS). Techniques provide for OSes and the MTSS to obtain security tokens associated with the OSes. In an embodiment, an OS uses a security token to gene...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Bagal Prasad, Nandyala Harish, Tomar Samarjeet
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Techniques are described for logically isolating data I/O requests from different operating systems (OSes) for a same multi-tenant storage system (MTSS). Techniques provide for OSes and the MTSS to obtain security tokens associated with the OSes. In an embodiment, an OS uses a security token to generate an authentication token based on the contents of a data input/output (I/O) request and sends the authentication token to the MTSS along with the data I/O request. When an MTSS receives such data I/O request, MTSS retrieves its own copy of the security token associated with the OS and generates its own authentication token based on the contents of the received data I/O request. If the authentication token generated by the MTSS matches the authentication token generated by the OS, then the data I/O request is successfully authenticated. Otherwise, if the authorization tokens fail to match, then the data I/O request has been compromised. For example, either the contents of data I/O request has been tampered with, or an entity other than the OS, has sent the data I/O request in the first place. Accordingly, the data I/O request may not be serviced by the MTSS.