Storage isolation using I/O authentication

Assignee

• Oracle International Corporation · US

Inventors

• Prasad V. Bagal · San Jose, US
• Samarjeet Tomar · Kanchinakote, IN
• Harish Nandyala · Fremont, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/1097
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques are described for logically isolating data I/O requests from different operating systems (OSes) for a same multi-tenant storage system (MTSS). Techniques provide for OSes and the MTSS to obtain security tokens associated with the OSes. In an embodiment, an OS uses a security token to generate an authentication token based on the contents of a data input/output (I/O) request and sends the authentication token to the MTSS along with the data I/O request. When an MTSS receives such data I/O request, MTSS retrieves its own copy of the security token associated with the OS and generates its own authentication token based on the contents of the received data I/O request. If the authentication token generated by the MTSS matches the authentication token generated by the OS, then the data I/O request is successfully authenticated. Otherwise, if the authorization tokens fail to match, then the data I/O request has been compromised. For example, either the contents of data I/O request has been tampered with, or an entity other than the OS, has sent the data I/O request in the first place. Accordingly, the data I/O request may not be serviced by the MTSS.