EGEON: Software-Defined Data Protection for Object Storage

TL;DR

EGEON introduces a software-defined framework that allows data owners to enforce complex privacy policies and create multiple data views in object storage systems without modifying the storage internals.

Contribution

It presents a novel declarative privacy policy system integrated into object storage, enabling flexible data transformations and views without system restructuring.

Findings

Prototype built on OpenStack Swift demonstrates low overhead.

Supports complex privacy policies through data transformations.

End-to-end latency remains low with effective data filtering.

Abstract

With the growth in popularity of cloud computing, object storage systems (e.g., Amazon S3, OpenStack Swift, Ceph) have gained momentum for their relatively low per-GB costs and high availability. However, as increasingly more sensitive data is being accrued, the need to natively integrate privacy controls into the storage is growing in relevance. Today, due to the poor object storage interface, privacy controls are enforced by data curators with full access to data in the clear. This motivates the need for a new approach to data privacy that can provide strong assurance and control to data owners. To fulfill this need, this paper presents EGEON, a novel software-defined data protection framework for object storage. EGEON enables users to declaratively set privacy policies on how their data can be shared. In the privacy policies, the users can build complex data protection services through the composition of data transformations, which are invoked inline by EGEON upon a read request. As a result, data owners can trivially display multiple views from the same data piece, and modify these views by only updating the policies. And all without restructuring the internals of the underlying object storage system. The EGEON prototype has been built atop OpenStack Swift. Evaluation results shows promise in developing data protection services with little overhead directly into the object store. Further, depending on the amount of data filtered out in the transformed views, end-to-end latency can be low due to the savings in network communication.