Guardat: enforcing data policies at the storage layer

In today's data processing systems, both the policies that protect stored data and the mechanisms that enforce them are spread across many software components and configuration files, so a bug, vulnerability or misconfiguration in any one of them can lead to a policy violation. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separately from application code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and of any external policy dependencies; the software stack above the storage layer (operating system, file system, applications) does not have to be trusted for the policy to hold. The semantic gap between storage-layer enforcement and per-file policies is bridged using cryptographic attestations issued by Guardat. We present the design and a prototype implementation of Guardat, enforce example policies in a Web server, and show experimentally that its overhead is low.
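The following is an added illustration of the three ideas in the abstract (declarative per-file rules, a single mediator below the file-system API that checks every I/O request against them, and an attestation that lets software above the storage layer verify what was enforced). It is not Guardat's code or policy language: the rule vocabulary (`append_only`, `readable_by`, `authorized_by`), the `Request` shape, the in-memory "disk" and the use of HMAC in place of a public-key signature are assumptions made so the example runs offline with the Python standard library.

```python
"""Storage-layer policy mediation with attestations (added example; not
Guardat's own code). Rule names, Request fields, the in-memory disk and the
HMAC-based attestation are assumptions for this illustration only."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Request:
    op: str                        # "read" | "write" | "truncate"
    path: str
    principal: str
    offset: int = 0
    data: bytes = b""
    authz: Optional[bytes] = None  # token from an external authority, if any


@dataclass
class Rule:
    name: str
    check: Callable[[Request, bytes], bool]  # (request, current file bytes) -> allowed?


class PolicyViolation(Exception):
    pass


# --- Declarative per-file rules (hypothetical vocabulary) -------------------

def append_only() -> Rule:
    """Writes must land exactly at end-of-file; truncation is never allowed."""
    def check(req, state):
        if req.op == "truncate":
            return False
        return req.op != "write" or req.offset == len(state)
    return Rule("append_only", check)


def readable_by(*principals: str) -> Rule:
    """Only the listed principals may read; other operations are unaffected."""
    allowed = set(principals)
    def check(req, state):
        return req.op != "read" or req.principal in allowed
    return Rule("readable_by(" + ",".join(sorted(allowed)) + ")", check)


def issue_token(authority_key: bytes, path: str, principal: str) -> bytes:
    """Constructed stand-in for an external authority's signed authorization."""
    return hmac.new(authority_key, f"{path}|{principal}".encode(), hashlib.sha256).digest()


def authorized_by(authority_key: bytes) -> Rule:
    """Updates need a valid token from the external authority (a policy dependency
    whose integrity, like the controller's, the enforcement relies on)."""
    def check(req, state):
        if req.op not in ("write", "truncate"):
            return True
        if req.authz is None:
            return False
        return hmac.compare_digest(issue_token(authority_key, req.path, req.principal), req.authz)
    return Rule("authorized_by(external)", check)


# --- The mediator (the "controller" in the abstract's terms) ----------------

class StorageGuard:
    """Every I/O request reaches the disk only through mediate()."""

    def __init__(self, attestation_key: bytes, policies: dict):
        self.key = attestation_key
        self.policies = policies          # path -> [Rule, ...]
        self.disk = {}                    # path -> bytes (in-memory stand-in)

    def mediate(self, req: Request):
        state = self.disk.get(req.path, b"")
        for rule in self.policies.get(req.path, []):
            if not rule.check(req, state):
                raise PolicyViolation(f"{req.op} {req.path} by {req.principal}: {rule.name}")
        if req.op == "read":
            return state[req.offset:]
        if req.op == "write":
            state = state.ljust(req.offset, b"\0")       # zero-fill a gap, like a sparse write
            self.disk[req.path] = state[:req.offset] + req.data + state[req.offset + len(req.data):]
            return len(req.data)
        if req.op == "truncate":
            self.disk[req.path] = state[:req.offset]
            return 0
        raise ValueError(f"unknown op {req.op}")

    def attest(self, path: str) -> dict:
        """Bind (path, content hash, policy) under the controller's key so code
        above the storage layer can check which policy governed the bytes it read."""
        digest = hashlib.sha256(self.disk.get(path, b"")).hexdigest()
        policy = ";".join(r.name for r in self.policies.get(path, []))
        msg = f"{path}|{digest}|{policy}".encode()
        return {"path": path, "sha256": digest, "policy": policy,
                "mac": hmac.new(self.key, msg, hashlib.sha256).hexdigest()}


def verify_attestation(key: bytes, att: dict) -> bool:
    msg = f"{att['path']}|{att['sha256']}|{att['policy']}".encode()
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).hexdigest(), att["mac"])
```

A compromised application or OS component above `StorageGuard` cannot truncate the append-only log, read it under a principal outside the allow list, or update the protected config without the external token, because none of those paths bypass `mediate()`; the attestation lets a verifier that holds the controller's key confirm both the content hash and the policy that produced it. A real deployment would replace the HMAC with a signature under the controller's private key so that parties without the key can verify.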
