Guardat: enforcing data policies at the storage layer

Research article (open access). DOI: 10.1145/2741948.2741958

Published: 17 April 2015

Abstract

In today's data processing systems, both the policies protecting stored data and the mechanisms for their enforcement are spread over many software components and configuration files, increasing the risk of policy violation due to bugs, vulnerabilities and misconfigurations. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We present the design and prototype implementation of Guardat, enforce example policies in a Web server, and show experimentally that its overhead is low.

Supplementary Material

MP4 File (a13-sidebyside.mp4)



Published In

EuroSys '15: Proceedings of the Tenth European Conference on Computer Systems
April 2015
503 pages
ISBN:9781450332385
DOI:10.1145/2741948
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article

Funding Sources

  • European Research Council

Conference

EuroSys '15: Tenth EuroSys Conference 2015
April 21 - 24, 2015
Bordeaux, France

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%


Article Metrics

  • Downloads (Last 12 months)155
  • Downloads (Last 6 weeks)27
Reflects downloads up to 09 Nov 2024

Cited By
  • (2023) No Root Store Left Behind. Proceedings of the 22nd ACM Workshop on Hot Topics in Networks, pp. 295-301. DOI: 10.1145/3626111.3630268. Online publication date: 28-Nov-2023.
  • (2022) Hammurabi. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1857-1870. DOI: 10.1145/3548606.3560594. Online publication date: 7-Nov-2022.
  • (2022) Secure and Policy-Compliant Query Processing on Heterogeneous Computational Storage Architectures. Proceedings of the 2022 International Conference on Management of Data, pp. 1462-1477. DOI: 10.1145/3514221.3517913. Online publication date: 10-Jun-2022.
  • (2022) HARDLOG: Practical Tamper-Proof System Auditing Using a Novel Audit Device. 2022 IEEE Symposium on Security and Privacy (SP), pp. 1791-1807. DOI: 10.1109/SP46214.2022.9833745. Online publication date: May-2022.
  • (2022) Treaty: Secure Distributed Transactions. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 14-27. DOI: 10.1109/DSN53405.2022.00015. Online publication date: Jun-2022.
  • (2022) Egeon: Software-Defined Data Protection for Object Storage. 2022 22nd IEEE International Symposium on Cluster, Cloud and Internet Computing (CCGrid), pp. 99-108. DOI: 10.1109/CCGrid54584.2022.00019. Online publication date: May-2022.
  • (2021) Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies. Frontiers in Big Data, vol. 4. DOI: 10.3389/fdata.2021.624424. Online publication date: 13-May-2021.
  • (2021) Software-defined data protection. Proceedings of the VLDB Endowment 14(7), pp. 1167-1174. DOI: 10.14778/3450980.3450986. Online publication date: 12-Apr-2021.
  • (2021) A comprehensive and holistic knowledge model for cloud privacy protection. The Journal of Supercomputing. DOI: 10.1007/s11227-020-03594-3. Online publication date: 12-Jan-2021.
  • (2020) secureTF. Proceedings of the 21st International Middleware Conference, pp. 44-59. DOI: 10.1145/3423211.3425687. Online publication date: 7-Dec-2020.