Abstract
Access to network files from Linux presents many security challenges, especially as data moves to the cloud. This presentation will provide an overview of security considerations for accessing remote files and of where improvements in standards are needed, focusing on the most popular file system protocol (SMB3.1.1). It will describe the security features of this family of protocols, as well as areas where a file system can integrate with Linux security components. Access to storage over these protocols is often encrypted, and relies on other security protocols for authentication, for verifying claims, and for ID mapping. Integration with future security protocols will be needed, as will better interfaces for mapping a user's identity among the various ways it is represented in Linux (username, POSIX UID, globally unique SIDs, OID). As more data moves to remote storage, network file system security becomes more critical. This presentation will discuss the current security options, their status, and areas where additional improvements are needed.