Prevention of a DoS Attack with Copy-on-write in the Overlay Filesystem
| Autor: | Satou, Hirofumi, Kourai, Kenichi |
|---|---|
| Rok vydání: | 2021 |
| Předmět: | |
| Zdroj: | 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). |
| DOI: | 10.1109/dasc-picom-cbdcom-cyberscitech52372.2021.00026 |
| Popis: | Recently, containers are widely used for lightweight virtualization. A container usually uses a disk image that stacks a thin writable layer on top of a read-only image layer. For this layering, a filesystem called OverlayFS is often used. To modify a file in the read-only lower layer, OverlayFS first copies the entire file to the upper layer and then writes requested data to it. This copy-on-write suspends a container for a long time and consumes the disk space of the upper layer when the size of the target file is large. If large files are intentionally modified by attackers, a potential denial-of-service (DoS) attack can be mounted. This paper proposes a new filesystem, called TranslayFS, based on OverlayFS to prevent this type of DoS attack. TranslayFS creates only a special file called a sparse file in the upper layer when a container modifies a file in the lower layer for the first time. Using this file, it holds only modified file data in the upper layer without copying the entire file. It returns the modified part of the file from the upper layer and the unmodified part from the lower layer. We have implemented TranslayFS in the Linux kernel and confirmed that TranslayFS could dramatically reduce the latency in the first write to a file, so that the DoS attack was not possible. 19th IEEE International Conference on Dependable, Autonomic & Secure Computing (DASC 2021), October 25-28, 2021, Virtual Conference |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|