About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Conference paper
Filenail: Working with incomplete filesystem state
Abstract
The use of filesystems has become a standard, with a purpose well beyond just storing and accessing application data. For instance, common system security and compliance operations, sush as software or package installation, system and application configurations or process management also leverage a filesystem. Over decades, various system management and security tools have been designed to access system state and to implement their respective functions through a file interface. However, we observe that these tools do not require access to all the files in the filesystem and in some cases they can even work with incomplete file contents. Motivated by these observations, we propose filenail (or Filesystem Thumbnail) a system that exercises an incomplete filesystem state marshalling and un-marshalling protocol. We discuss the use of filenail to implement an effective and optimal disaggregated solution to perform common system security tasks for container clouds. In general, depending on the use-case not all the files in the filesystem are equal and that incomplete filesystem state can be often enough. The results of this paper show filenail is very efficient in capturing and transferring filesystem state of systems and enables implementing disaggregated security solutions in the cloud.