6 research outputs found
Towards Software-Defined Data Protection: GDPR Compliance at the Storage Layer is Within Reach
Enforcing data protection and privacy rules within large data processing
applications is becoming increasingly important, especially in the light of
GDPR and similar regulatory frameworks. Most modern data processing happens on
top of a distributed storage layer, and securing this layer against accidental
or malicious misuse is crucial to ensuring global privacy guarantees. However,
the performance overhead and the additional complexity for this is often
assumed to be significant -- in this work we describe a path forward that
tackles both challenges. We propose "Software-Defined Data Protection" (SDP),
an adoption of the "Software-Defined Storage" approach to non-performance
aspects: a trusted controller translates company and application-specific
policies to a set of rules deployed on the storage nodes. These, in turn, apply
the rules at line-rate but do not take any decisions on their own. Such an
approach decouples often changing policies from request-level enforcement and
allows storage nodes to implement the latter more efficiently.
Even though in-storage processing brings challenges, mainly because it can
jeopardize line-rate processing, we argue that today's Smart Storage solutions
can already implement the required functionality, thanks to the separation of
concerns introduced by SDP. We highlight the challenges that remain, especially
that of trusting the storage nodes. These need to be tackled before we can
reach widespread adoption in cloud environments
Software-Defined Data Protection: Low Overhead Policy Compliance at the Storage Layer is Within Reach!
Most modern data processing pipelines run on top of a distributed storage layer, and securing the whole system, and the storage layer in particular, against accidental or malicious misuse is crucial to ensuring compliance to rules and regulations. Enforcing data protection and privacy rules, however, stands at odds with the requirement to achieve higher and higher access bandwidths and processing rates in large data processing pipelines. In this work we describe our proposal for the path forward that reconciles the two goals. We call our approach "Software-Defined Data Protection" (SDP). Its premise is simple, yet powerful: decoupling often changing policies from request-level enforcement allows distributed smart storage nodes to implement the latter at line-rate. Existing and future data protection frameworks can be translated to the same hardware interface which allows storage nodes to offload enforcement efficiently both for company-specific rules and regulations, such as GDPR or CCPA. While SDP is a promising approach, there are several remaining challenges to making this vision reality. As we explain in the paper, overcoming these will require collaboration across several domains, including security, databases and specialized hardware design
DINOMO: An Elastic, Scalable, High-Performance Key-Value Store for Disaggregated Persistent Memory (Extended Version)
We present Dinomo, a novel key-value store for disaggregated persistent
memory (DPM). Dinomo is the first key-value store for DPM that simultaneously
achieves high common-case performance, scalability, and lightweight online
reconfiguration. We observe that previously proposed key-value stores for DPM
had architectural limitations that prevent them from achieving all three goals
simultaneously. Dinomo uses a novel combination of techniques such as ownership
partitioning, disaggregated adaptive caching, selective replication, and
lock-free and log-free indexing to achieve these goals. Compared to a
state-of-the-art DPM key-value store, Dinomo achieves at least 3.8x better
throughput on various workloads at scale and higher scalability, while
providing fast reconfiguration.Comment: This is an extended version of the full paper to appear in PVLDB
15.13 (VLDB 2023
Towards Software-Defined Data Protection: GDPR Compliance at the Storage Layer is Within Reach
Enforcing data protection and privacy rules within large data processing applications is becoming increasingly important, especially in the light of GDPR and similar regulatory frameworks. Most modern data processing happens on top of a distributed storage layer, and securing this layer against accidental or malicious misuse is crucial to ensuring global privacy guarantees. However, the performance overhead and the additional complexity for this is often assumed to be significant — in this work we describe a path forward that tackles both challenges. We propose "Software-Defined Data Protection" (SDP), an adoption of the "Software-Defined Storage" approach to non-performance aspects: a trusted controller translates company and application-specific policies to a set of rules deployed on the storage nodes. These, in turn, apply the rules at line-rate but do not take any decisions on their own. Such an approach decouples often changing policies from request-level enforcement and allows storage nodes to implement the latter more efficiently. Even though in-storage processing brings challenges, mainly because it can jeopardize line-rate processing, we argue that today's Smart Storage solutions can already implement the required functionality, thanks to the separation of concerns introduced by SDP. We highlight the challenges that remain, especially that of trusting the storage nodes. These need to be tackled before we can reach widespread adoption in cloud environments