Title: A Cost-Effective, High-Bandwidth Storage Architecture
Author: Gibson, Nagle, Amiri, Butler, Chang, Gobioff, Hardin, Riedel, Rochberg, Zelenka.
Location: ASPLOS
Date: 1998

Type of paper: new idea: using new technology (smarter hardware, disks) to take centralized servers (a bottleneck) out of the networked storage equation.

Terminology:
- object: file without a name, just an ID number. Disks essentially store object/offsets in a flat directory space.
- SAN: Storage/System Area Network. Uses Fibre Channel, which is subtly different from TCP/IP. Fibre Channel has guaranteed delivery.
- Capability: Clients contact servers to ask for permission to do something, and the server hands them a signed key (a capability) which the NASD verifies (because it knows the server's public key).
- NAS: network attached storage, like a Network Appliance NFS box. A NAS might speak NFS/AFS/CIFS and might keep a SAN behind it.

Goals: Network Attached Secure Disk's (NASD) goals:
1) direct transfer to clients
2) secure interfaces via cryptographic support
3) asynchronous non-critical path oversight
4) variably-sized data objects

NASD separates management and filesystem semantics from store-and-forward copying. Figure 2 gives a fairly good synopsis of how their architecture works as opposed to other forms.

Using an object interface in storage rather than a fixed-block interface moves data layout management to the disk.

The common case operation is read/write. Here we only need to go to the server for directory operations.

Can putting the cryptography in silicon make it fast enough to decrypt on each block access?

Problems: Security disabled in their experiments because their chips do not support it. Their AFS performance must suck because they say they built it but don't show it in their experiments.

Interesting sources: Active Disk papers: Acharya98, Riedel98. Panasas is a startup which is building NASDs.
A Cost-Effective High-Bandwidth Storage Architecture

The paper describes the Network-Attached Secure Disk storage architecture, which the authors believe provides scalable storage bandwidth without the cost of servers used primarily for transferring data from peripheral networks to client networks. NASD separates management and filesystem semantics from store-and-forward copying. It evolves the interface for commodity storage devices, and it eliminates the server resources required solely for data management.

NASD has four main properties. It is storage in which data is transferred between drive and client without indirection or store-and-forward through a file server machine. It has asynchronous oversight: the ability of the client to perform most operations without synchronous appeal to the file manager. NASD uses cryptographic techniques to defend against potential attacks from adversaries. This is particularly important since the storage is attached to the network and the drives are open to direct attack. The last important property of NASD is the object-based interface: drives export variable-length objects instead of fixed-size blocks. This allows drives direct knowledge of the relationships between disk blocks and minimizes security overhead.

The NASD interface provides soft partitions, control objects and per-object attributes for data management. Objects with well-known names and structures allow configuration and bootstrap of drives and partitions. There is also an uninterpreted block of attribute space available to the file manager to record its own long-term, per-object state.

NASD security is based on cryptographic capabilities. Capabilities are protected by a small number of keys organized into a four-level hierarchy. Clients obtain capabilities from a file manager using a secure and private protocol. Every time a client issues a request for an operation, the drive verifies that request by checking the client's capabilities.
The performance tests are not very optimistic. First, it turns out that the RPC mechanism is too costly, so scalability suffers from that. The tests that estimate the computational power needed in a drive micro-controller show that NASD control is not too expensive but that workstation-class implementations of communications are. The authors also show that simple modifications to existing filesystems (NFS, AFS) allow NASD devices to be used without performance loss. The authors also build a small parallel distributed filesystem designed for NASD in order to show that NASD provides scalable bandwidth.

I need much more information about the internal operation of NASD in order to believe that it is a good idea. I would like to know how exactly the file manager works, how often it is queried, how much management power it has over the objects on disk. Also, I want to know more about the cryptographic techniques used and how much overhead they have. I believe most of this information is provided in other papers related to the same project. This paper gave me some general idea of the design of NASD but did not provide sufficient information that would let me evaluate it.
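
The capability flow summarized in these notes (the file manager issues a capability, the drive checks it on every request without calling back to the file manager), as an added sketch that is not code from the paper or the NASD project. It assumes a symmetric key shared by file manager and drive, HMAC-SHA256 as the MAC, and hypothetical field names, an object version used for revocation, and a per-request nonce; none of these details are given in the notes.

```python
import hashlib
import hmac
import json
# Added sketch: key sharing, HMAC-SHA256 and all field names are assumptions.
def _mac(key, fields):
    """HMAC-SHA256 over a canonical JSON encoding of the fields."""
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class FileManager:
    """Issues capabilities, then stays off the read/write path."""
    def __init__(self, drive_key):
        self.drive_key = drive_key  # shared with the drive (assumption)

    def issue(self, object_id, rights, expires, version):
        public = {"obj": object_id, "rights": rights, "exp": expires, "ver": version}
        # Private part: computable only by holders of drive_key.
        return public, _mac(self.drive_key, public)

def client_request(public, private, op, offset, length, nonce):
    """Client proves it holds the private part without ever sending it."""
    req = {"op": op, "off": offset, "len": length, "nonce": nonce}
    tag = _mac(private, {"cap": public, "req": req}).hex()
    return {"cap": public, "req": req, "tag": tag}

class Drive:
    """Verifies each request locally: no synchronous call to the file manager."""
    def __init__(self, drive_key, versions):
        self.drive_key = drive_key
        self.versions = versions  # object_id -> current object version
        self.seen = set()         # nonces already accepted

    def verify(self, msg, now):
        cap, req = msg["cap"], msg["req"]
        private = _mac(self.drive_key, cap)  # recomputed from the public part
        expected = _mac(private, {"cap": cap, "req": req}).hex()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad MAC"
        if now > cap["exp"]:
            return "reject: expired"
        if self.versions.get(cap["obj"]) != cap["ver"]:
            return "reject: revoked"
        if req["op"] not in cap["rights"]:
            return "reject: right not granted"
        if req["nonce"] in self.seen:
            return "reject: replay"
        self.seen.add(req["nonce"])
        return "ok"
```

In this sketch the file manager revokes outstanding capabilities for an object by bumping the version the drive stores for it, which is oversight that stays off the data path.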