Horus: Fine-Grained Encryption-Based Security for High Performance Petascale Storage

Appeared in Proceedings of the 6th Parallel Data Storage Workshop (PDSW '11).

Abstract

Data used in high-performance computing (HPC) applications is often sensitive, necessitating protection against both physical compromise of the storage media and "rogue" computation nodes. Existing approaches to security may require trusting storage nodes and are vulnerable to a single computation node gathering keys that can unlock all of the data used in the entire computation. Our approach, Horus, encrypts petabyte-scale files using a keyed hash tree to generate different keys for each region of the file, supporting much finer-grained security. A client can only access a file region for which it has a key, and the tree structure allows keys to be generated for large and small regions as needed. Horus can be integrated into a file system or layered between applications and existing file systems, simplifying deployment. Keys can be distributed in several ways, including the use of a small stateless key cluster that strongly limits the size of the system that must be secured against attack. The system poses no added demand on the metadata cluster or the storage devices, and little added demand on the clients beyond the unavoidable need to encrypt and decrypt data, making it highly suitable for protecting data in HPC systems.
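
The keyed-hash-tree idea in the abstract, as an added sketch that is not code from the paper or the Horus project: a region key derives the keys of every block beneath it, but not those of sibling regions. HMAC-SHA256 as the keyed hash, the branching factor, the tree depth, the `(level, index)` label encoding and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumptions for illustration only (the abstract does not specify them):
# HMAC-SHA256 as the keyed hash, 4 children per node, 3 levels below the root.
BRANCH = 4
DEPTH = 3  # leaves are blocks 0 .. BRANCH**DEPTH - 1


def child_key(parent_key: bytes, level: int, index: int) -> bytes:
    """Key of node (level, index), derived one-way from its parent's key."""
    label = level.to_bytes(4, "big") + index.to_bytes(8, "big")
    return hmac.new(parent_key, label, hashlib.sha256).digest()


def derive(key: bytes, from_level: int, to_level: int, index: int) -> bytes:
    """Walk down from a node at from_level to its descendant (to_level, index)."""
    for lvl in range(from_level + 1, to_level + 1):
        key = child_key(key, lvl, index // BRANCH ** (to_level - lvl))
    return key


def region_key(root_key: bytes, level: int, index: int) -> bytes:
    """What a holder of the root key computes to grant region (level, index)."""
    if not (0 <= level <= DEPTH and 0 <= index < BRANCH ** level):
        raise ValueError("no such node")
    return derive(root_key, 0, level, index)


def block_key(granted: bytes, level: int, index: int, block: int) -> bytes:
    """What a client computes from a granted region key to reach one block."""
    span = BRANCH ** (DEPTH - level)  # number of blocks covered by the grant
    if not index * span <= block < (index + 1) * span:
        # The client holds no ancestor key of this block, and HMAC cannot be
        # run backwards toward the root, so there is nothing to derive from.
        raise PermissionError("block outside granted region")
    return derive(granted, level, DEPTH, block)


if __name__ == "__main__":
    root = hashlib.sha256(b"constructed sample file key").digest()
    grant = region_key(root, 1, 2)  # level-1 node 2 covers blocks 32..47
    print(block_key(grant, 1, 2, 37) == region_key(root, DEPTH, 37))
```

The range check in `block_key` is a convenience for the caller; the isolation itself comes from the one-way derivation, since a client holding only the region key has no input from which a sibling's key can be computed.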

Publication date:
November 2011

Authors:
Ranjana Rajendran
Ethan L. Miller
Darrell D. E. Long

Projects:
Secure File and Storage Systems
Ultra-Large Scale Storage

Available media

Full paper text: PDF

Bibtex entry

@inproceedings{rajendran-pdsw11,
  author       = {Ranjana Rajendran and Ethan L. Miller and Darrell D. E. Long},
  title        = {Horus: Fine-Grained Encryption-Based Security for High Performance Petascale Storage},
  booktitle    = {Proceedings of the 6th Parallel Data Storage Workshop (PDSW '11)},
  month        = nov,
  year         = {2011},
}
Last modified 28 May 2019