Data Security: Theoretical and Real World Approaches to Compartmentalization - Ana McTaggart & Michael Hackett, Red Hat; Sean Anderson, Portland State University
Abstract
Using data on an untrusted cloud presents challenges to ensuring the security of computations, communication, and storage. Controlling the disclosure of information is a challenge, both in theory and in practice. In a theoretical model, a challenge is how to enforce and verify security mechanisms, particularly around disclosure of information. By applying formal methods from programming languages, security properties can be enforced on both storage systems and hardware. In a practical model, a challenge is how to ensure consistency and reliability across an untrusted cloud. The use of operators such as Rook allows container-based storage for Ceph, with uniform security policies and automation of ops efforts towards resilience. The discussion will cover how theory and practice meet, and state-of-the-art approaches to these problems. Collectively, this panel has worked on topics ranging from secure domain-specific languages to open source projects involving Ceph and Red Hat, SUSE, and Ubuntu.