The growing disparity between processing speeds and I/O performance continues to be a limiting factor in the scalability of large scientific applications. Applications are becoming more data intensive, requiring large storage capacities and high bandwidth access to this storage. Further, application sciences are more collaborative, with sharing of data sets becoming prevalent not just between users/applications of a single organization, but across organizations as well placing even higher performance requirements on the storage system. Given the sensitive nature of many of these applications, in addition to the performance demands, there is an impending need to secure such data from adversarial attacks. The consequences of security breaches can have far reaching consequences, over and beyond the costs of detecting and investigating such breaches. At the same time, one cannot fully confine the data physically since these need to be shared by collaborative applications from different administrative domains. Regulations are also mandating the maintenance of audit records and provenance of data. The motivation for this research is driven by the need to secure storage systems which cater to the demands of high-end applications, while meeting their stringent performance requirements. These two goals - performance and security - are often contradictory, with the mechanisms for optimizing one usually coming at the expense of the other. In the proposed DataVault framework, it is recognized that different environments: (i) have diverse storage architectures, (ii) need to guard against different kinds of threats, and may (iii) have different tolerances for the associated performance overheads when implementing the security mechanisms. Rather than have a one-solution-fits-all approach, The PIs propose to investigate the rich design space - threats, storage architecture, enforcement mechanism, performance - to offer insightful choices that can be useful when deploying/customizing storage systems. DataVault will also include a usable objective-driven policy interface to configure the system for a given set of security and performance needs, while offering a convenient visualization dashboard for security management.
