ABSTRACT
We have been developing a framework, called Recon, that uses runtime checking to protect the integrity of file-system metadata on disk. Recon performs consistency checks at commit points in transaction-based file systems. We define declarative statements called consistency invariants for a file system, which must be satisfied by each transaction being committed to disk. By checking each transaction before it commits, we prevent any corruption to file-system metadata from reaching the disk.
Our prototype system required writing the consistency invariants in C. In this paper, we argue that using a declarative language to express and check these invariants improves the clarity of the rules, making them easier to reason about, verify, and port to new file systems. We describe how file system invariants can be written and checked using the Datalog declarative language in the Recon framework.
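As an added illustration of the commit-time checking the abstract describes (example code, not Recon's own implementation or its actual invariants), the following toy checker expresses two Datalog-style rules over the metadata a transaction would commit and rejects the commit when either is violated. The file-system model (inode block pointers plus an allocation bitmap) and both rules are assumptions chosen for illustration.

```python
# Added example: a toy commit-time invariant check in the spirit of Recon.
# The metadata model and the two rules below are assumptions for
# illustration, not Recon's own invariants.
from dataclasses import dataclass, field
from typing import Dict, Set, List, Tuple


@dataclass
class Transaction:
    # Constructed metadata state a transaction would commit: the blocks each
    # inode points to, and the block-allocation bitmap after the update.
    inode_blocks: Dict[int, Set[int]] = field(default_factory=dict)
    bitmap: Set[int] = field(default_factory=set)


def facts(tx: Transaction):
    """Turn the committed metadata into Datalog-style fact tuples."""
    points_to = {(ino, blk) for ino, blks in tx.inode_blocks.items() for blk in blks}
    allocated = {(blk,) for blk in tx.bitmap}
    return points_to, allocated


# Rule 1: a block referenced by an inode must be marked allocated.
#   violation(B) :- points_to(I, B), not allocated(B).
def unallocated_refs(points_to, allocated) -> List[int]:
    return sorted({b for (_, b) in points_to if (b,) not in allocated})


# Rule 2: a block may be owned by at most one inode.
#   violation(B) :- points_to(I1, B), points_to(I2, B), I1 != I2.
def doubly_owned(points_to) -> List[int]:
    owners: Dict[int, Set[int]] = {}
    for ino, blk in points_to:
        owners.setdefault(blk, set()).add(ino)
    return sorted(b for b, o in owners.items() if len(o) > 1)


def check_commit(tx: Transaction) -> List[Tuple[str, int]]:
    """Return the violations found; an empty list means the commit may proceed."""
    points_to, allocated = facts(tx)
    violations = [("unallocated", b) for b in unallocated_refs(points_to, allocated)]
    violations += [("double_owner", b) for b in doubly_owned(points_to)]
    return violations


if __name__ == "__main__":
    good = Transaction({1: {10, 11}, 2: {12}}, {10, 11, 12})
    bad = Transaction({1: {10, 11}, 2: {11, 13}}, {10, 11})
    print(check_commit(good))  # []
    print(check_commit(bad))   # [('unallocated', 13), ('double_owner', 11)]
```

A real checker would derive these facts by interpreting the on-disk structures in the journal transaction rather than from a prepared dictionary, but the rule form stays the same.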
Index Terms
- Using declarative invariants for protecting file-system integrity