István, Zsolt ; Ponnapalli, Soujanya ; Chidambaram, Vijay (2020)
Towards Software-Defined Data Protection: GDPR Compliance at the Storage Layer is Within Reach.
doi: 10.48550/arXiv.2008.04936
Report, Bibliographie
Kurzbeschreibung (Abstract)
Enforcing data protection and privacy rules within large data processing applications is becoming increasingly important, especially in the light of GDPR and similar regulatory frameworks. Most modern data processing happens on top of a distributed storage layer, and securing this layer against accidental or malicious misuse is crucial to ensuring global privacy guarantees. However, the performance overhead and the additional complexity for this is often assumed to be significant — in this work we describe a path forward that tackles both challenges. We propose "Software-Defined Data Protection" (SDP), an adoption of the "Software-Defined Storage" approach to non-performance aspects: a trusted controller translates company and application-specific policies to a set of rules deployed on the storage nodes. These, in turn, apply the rules at line-rate but do not take any decisions on their own. Such an approach decouples often changing policies from request-level enforcement and allows storage nodes to implement the latter more efficiently. Even though in-storage processing brings challenges, mainly because it can jeopardize line-rate processing, we argue that today's Smart Storage solutions can already implement the required functionality, thanks to the separation of concerns introduced by SDP. We highlight the challenges that remain, especially that of trusting the storage nodes. These need to be tackled before we can reach widespread adoption in cloud environments.
Typ des Eintrags: | Report |
---|---|
Erschienen: | 2020 |
Autor(en): | István, Zsolt ; Ponnapalli, Soujanya ; Chidambaram, Vijay |
Art des Eintrags: | Bibliographie |
Titel: | Towards Software-Defined Data Protection: GDPR Compliance at the Storage Layer is Within Reach |
Sprache: | Englisch |
Publikationsjahr: | 11 August 2020 |
Verlag: | arXiv |
Reihe: | Computer Science |
Kollation: | 8 Seiten |
DOI: | 10.48550/arXiv.2008.04936 |
URL / URN: | https://arxiv.org/abs/2008.04936 |
Kurzbeschreibung (Abstract): | Enforcing data protection and privacy rules within large data processing applications is becoming increasingly important, especially in the light of GDPR and similar regulatory frameworks. Most modern data processing happens on top of a distributed storage layer, and securing this layer against accidental or malicious misuse is crucial to ensuring global privacy guarantees. However, the performance overhead and the additional complexity for this is often assumed to be significant — in this work we describe a path forward that tackles both challenges. We propose "Software-Defined Data Protection" (SDP), an adoption of the "Software-Defined Storage" approach to non-performance aspects: a trusted controller translates company and application-specific policies to a set of rules deployed on the storage nodes. These, in turn, apply the rules at line-rate but do not take any decisions on their own. Such an approach decouples often changing policies from request-level enforcement and allows storage nodes to implement the latter more efficiently. Even though in-storage processing brings challenges, mainly because it can jeopardize line-rate processing, we argue that today's Smart Storage solutions can already implement the required functionality, thanks to the separation of concerns introduced by SDP. We highlight the challenges that remain, especially that of trusting the storage nodes. These need to be tackled before we can reach widespread adoption in cloud environments. |
Zusätzliche Informationen: | 1.Version |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Distributed and Networked Systems |
Hinterlegungsdatum: | 20 Jan 2023 12:54 |
Letzte Änderung: | 19 Dez 2024 11:17 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |