Ety Khaitzin, Julian James Stephen, Maya Anderson, Hani Jamjoom, Ronen Kat, Arjun Natarajan, Roger Raphael, Roee Shlomo and Tomer Solomon
USENIX Workshop on Hot Topics in Cloud Computing (HotCloud '19)
Renton, WA, July 2019
Abstract. Despite the growing collection and use of private data in
the cloud, there remains a fundamental disconnect
between unified data governance and the storage
system enforcement techniques. On one side,
high-level governance policies derived from
regulations like General Data Protection Regulation
(GDPR) have emerged with stricter rules dictating
who, when and how data can be processed. On the
other side, storage-level controls, both role- or
attribute-based, continue to focus on access/deny
enforcement. In this paper, we propose how to bridge
this gap. We introduce Deep Enforcement, a system
that provides unified governance and transformation
policies coupled with data transformations embedded
into the storage fabric to achieve policy
compliance. Data transformations can vary in
complexity, from simple redactions to complex
differential privacy-based techniques to provide the
required amount of anonymization. We show how this
architecture can be implemented into two broad
classes of data storage systems in the cloud: object
storages and SQL databases. Depending on the
complexity of the transformation, we also
demonstrate how to implement them either in-line (on
data access) or off-line (creating an alternate
cached dataset).
Bibtex.
@inproceedings{jamjoom-deepenforcement-hotcloud-2019,
author = {Ety and Khaitzin and Julian James and Stephen and Maya and Anderson and Hani and Jamjoom and Ronen and Kat and Arjun and Natarajan and Roger and Raphael and Roee and Shlomo and Tomer and Solomon},
title = {{Deep Enforcement: Policy-based Data Transformations for Data in the Cloud}},
booktitle = {USENIX Workshop on Hot Topics in Cloud Computing (HotCloud '19)},
address = {Renton, WA},
month = {July},
year = {2019}
}