In today’s systems, policies protecting stored data and mechanisms for their enforcement are spread across many software components, increasing the risk of violation due to bugs, vulnerabilities and misconfigurations. We suggest Guardat to addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Thus, policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We show experimentally that the overhead is low.
Protecting Persistent Data
Publications
Techniques to Protect Confidentiality and Integrity of Persistent and In-Memory Data
Anjo Lucas Vahldiek-Oberwagner
PhD Thesis,
2018.
Pesos: Policy Enhanced Secure Object store
Robert Krahn, Bohdan Trach, Anjo Vahldiek-Oberwagner, Thomas Knauth, Pramod Bhatotia, Christof Fetzer
ACM EuroSys,
2018.
Thoth : Comprehensive Policy Compliance in Data Retrieval Systems
Eslam Elnikety, Aastha Mehta, Anjo Vahldiek-oberwagner, Deepak Garg, Peter Druschel
Usenix Security,
2016.
Protecting Data Integrity with Storage Leases
Peter Druschel, Rodrigo Rodrigues, Ansley Post, Johannes Gehrke, Anjo Lucas Vahldiek
US Patent 9,165,155,
2015.
Guardat: Enforcing data policies at the storage layer
Anjo Vahldiek-Oberwagner, Eslam Elnikety, Aastha Mehta, Deepak Garg, Peter Druschel, Rodrigo Rodrigues, Johannes Gehrke, Ansley Post
ACM EuroSys,
2015.
Protecting Data Integrity with Storage Leases
Anjo Vahldiek, Eslam Elnikety, Ansley Post, Peter Druschel, Rodrigo Rodrigues
MPI-SWS Technical Report,
2011.