Efficient security interface for high-performance Ceph storage systems

被引:0
作者
Parast, Fatemeh Khoda [1 ]
Damghani, Seyed Alireza [1 ]
Kelly, Brett [2 ]
Wang, Yang [3 ]
Kent, Kenneth B. [1 ]
机构
[1] Univ New Brunswick, Fac Comp Sci, Fredericton, NB, Canada
[2] 45 Drives Inc, Sydney, NS, Canada
[3] Chinese Acad Sci, Shenzhen Inst Adv Technol, Shenzhen, Peoples R China
来源
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE | 2025年 / 164卷
基金
加拿大自然科学与工程研究理事会;
关键词
Security; Storage; High-performance computing; Ceph; Cryptography; CLOUD;
D O I
10.1016/j.future.2024.107571
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Ceph portrays a resilient clustered storage solution with supporting object, block, and file storage capabilities with no single point of failure. Despite these qualifications, data confidentiality defines a concern in the system, as authentication and access control are the only data protection security services in Ceph. CephArmor was proposed as a third-party security interface to protect data confidentiality by adding an extra protection layer to data at rest. Despite the added layer, the initial design of the API needed to be more efficient in addressing security and performance simultaneously. In this study, we propose a new architectural design to address the associated issues with the preliminary prototype. Comprehensive performance and security analysis verify the improvement of the proposed method compared to the initial approach. The benchmark result has indicated a 37% improvement on average in IOPS, elapsed time, and bandwidth for the write benchmark compared to the initial model.
引用
收藏
页数:10
相关论文
共 39 条
[31]   Adaptive Compiler Strategies for Mitigating Timing Side Channel Attacks [J].
Van Cleemput, Jeroen ;
De Sutter, Bjorn ;
De Bosschere, Koen .
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2020, 17 (01) :35-49
[32]  
Weil S. A., 2007, THESIS U CALIFORNIA
[33]  
Weil S.A., 2007, P 2 INT WORKSH PET D, P35, DOI DOI 10.1145/1374596.1374606
[34]  
Weiser S, 2018, PROCEEDINGS OF THE 27TH USENIX SECURITY SYMPOSIUM, P603
[35]  
Wen D., 2011, Ph.D. thesis
[36]   On construction of a network log management system using ELK Stack with Ceph [J].
Yang, Chao-Tung ;
Kristiani, Endah ;
Wang, Yuan-Ting ;
Min, Geyong ;
Lai, Ching-Han ;
Jiang, Wei-Je .
JOURNAL OF SUPERCOMPUTING, 2020, 76 (08) :6344-6360
[37]   Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system [J].
Yang, Yang ;
Zheng, Xianghan ;
Guo, Wenzhong ;
Liu, Ximeng ;
Chang, Victor .
INFORMATION SCIENCES, 2019, 479 :567-592
[38]  
Yarom Y, 2014, PROCEEDINGS OF THE 23RD USENIX SECURITY SYMPOSIUM, P719
[39]   DeltaFS: A Scalable No-Ground -Truth Filesystem For Massively -Parallel Computing [J].
Zheng, Qing ;
Cranor, Charles D. ;
Ganger, Gregory R. ;
Gibson, Garth A. ;
Amvrosiadis, George ;
Settlemyer, Bradley W. ;
Grider, Gary A. .
SC21: INTERNATIONAL CONFERENCE FOR HIGH PERFORMANCE COMPUTING, NETWORKING, STORAGE AND ANALYSIS, 2021,