* Wiping object content on removal
From: Igor Fedotov @ 2015-11-18 14:42 UTC
To: ceph-devel
Hi Cephers.
Does Ceph have the ability to wipe object content during its removal?
Surely one can do that manually from the client but I think that's
ineffective and not 100% secure.
If not - what about adding such a feature to Ceph?
I can start working on that.
Thanks,
Igor.
* Re: Wiping object content on removal
From: Gregory Farnum @ 2015-11-23 15:52 UTC
To: Igor Fedotov; +Cc: ceph-devel
On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
> Hi Cephers.
>
> Does Ceph have an ability to wipe object content during one's removal?
> Surely one can do that manually from the client but I think that's
> ineffective and not 100% secure.
>
> If no - what's about adding such feature to Ceph?
> I can start working on that.
Wipe object content during removal of what? The OSD? Or are you
talking about secure erase of object data instead of unlinking files?
I'm not sure if any of that is really more interesting than just
enabling disk encryption...
-Greg
* Re: Wiping object content on removal
From: Igor Fedotov @ 2015-11-23 16:44 UTC
To: Gregory Farnum; +Cc: ceph-devel
Hi Gregory,
On 23.11.2015 18:52, Gregory Farnum wrote:
> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Cephers.
>>
>> Does Ceph have an ability to wipe object content during one's removal?
>> Surely one can do that manually from the client but I think that's
>> ineffective and not 100% secure.
>>
>> If no - what's about adding such feature to Ceph?
>> I can start working on that.
> Wipe object content during removal of what? The OSD? Or are you
> talking about secure erase of object data instead of unlinking files?
I meant secure object removal.
> I'm not sure if any of that is really more interesting than just
> enabling disk encryption...
> -Greg
I agree that encryption is more secure but it consumes much more CPU
resources.
Thanks,
Igor
* Re: Wiping object content on removal
From: Andrey Korolyov @ 2015-11-23 16:53 UTC
To: Igor Fedotov; +Cc: Gregory Farnum, ceph-devel
On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@mirantis.com> wrote:
> Hi Gregory,
>
> On 23.11.2015 18:52, Gregory Farnum wrote:
>>
>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>> wrote:
>>>
>>> Hi Cephers.
>>>
>>> Does Ceph have an ability to wipe object content during one's removal?
>>> Surely one can do that manually from the client but I think that's
>>> ineffective and not 100% secure.
>>>
>>> If no - what's about adding such feature to Ceph?
>>> I can start working on that.
>>
>> Wipe object content during removal of what? The OSD? Or are you
>> talking about secure erase of object data instead of unlinking files?
>
> I meant secure object removal.
>
>> I'm not sure if any of that is really more interesting than just
>> enabling disk encryption...
>> -Greg
>
> I agree that encryption is more secure but it consumes much more CPU
> resources.
>
> Thanks,
> Igor
>
Hi,
just wondering - do you have a complete security model where secure
erase is required, but data protection by itself is not important?
In any case, the immediate object wipeout is not fast - it
could consume tens of minutes or even hours after the actual erase
command, which actually negates the requirement of effective
data destruction. Commonly the erase procedure is required when
media is moved between different security access zones, which could be
seen as a lifecycle operation and it does not depend on any software
functionality within those zones.
* Re: Wiping object content on removal
From: Gregory Farnum @ 2015-11-23 17:11 UTC
To: Igor Fedotov; +Cc: ceph-devel
On Mon, Nov 23, 2015 at 10:44 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
> Hi Gregory,
>
> On 23.11.2015 18:52, Gregory Farnum wrote:
>>
>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>> wrote:
>>>
>>> Hi Cephers.
>>>
>>> Does Ceph have an ability to wipe object content during one's removal?
>>> Surely one can do that manually from the client but I think that's
>>> ineffective and not 100% secure.
>>>
>>> If no - what's about adding such feature to Ceph?
>>> I can start working on that.
>>
>> Wipe object content during removal of what? The OSD? Or are you
>> talking about secure erase of object data instead of unlinking files?
>
> I meant secure object removal.
>
Yeah, I just don't see this happening. There aren't even exposed
primitives to do a secure erase on SSDs, are there? Plus turning a
delete operation into a full data overwrite....yuck.
-Greg
* Re: Wiping object content on removal
From: Igor Fedotov @ 2015-11-24 16:58 UTC
To: Andrey Korolyov; +Cc: Gregory Farnum, ceph-devel
Andrey,
thanks for your valuable comment.
Answering your question - I don't have a complete model. That was just
a quick idea produced by the information that OpenStack Cinder performs
such a wipe-out when removing volumes (i.e. RBD images). And it does that
by trivially writing to an image. Doing a similar thing at the Ceph level can be
done faster and in the background.
Thanks,
Igor
On 11/23/2015 7:53 PM, Andrey Korolyov wrote:
> On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Gregory,
>>
>> On 23.11.2015 18:52, Gregory Farnum wrote:
>>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>>> wrote:
>>>> Hi Cephers.
>>>>
>>>> Does Ceph have an ability to wipe object content during one's removal?
>>>> Surely one can do that manually from the client but I think that's
>>>> ineffective and not 100% secure.
>>>>
>>>> If no - what's about adding such feature to Ceph?
>>>> I can start working on that.
>>> Wipe object content during removal of what? The OSD? Or are you
>>> talking about secure erase of object data instead of unlinking files?
>> I meant secure object removal.
>>
>>> I'm not sure if any of that is really more interesting than just
>>> enabling disk encryption...
>>> -Greg
>> I agree that encryption is more secure but it consumes much more CPU
>> resources.
>>
>> Thanks,
>> Igor
>>
> Hi,
>
> just wondering - do you have a complete security model where secure
> erase is required, but data protection by itself is not important by
> itself? In any way, the immediate object wipeout is not fast - it
> could consume tens of minutes or even hours after actual erase
> command, which is actually negates the requirement of the effective
> data destruction. Commonly the erase procedure is required when a
> media is moved between different security access zones, which could be
> seen as a lifecycle operation and it does not depend on any software
> functionality within those zones.
* Re: Wiping object content on removal
From: Igor Fedotov @ 2015-11-24 17:04 UTC
To: Gregory Farnum; +Cc: ceph-devel
Gregory,
the idea is to wipe object content optionally - when the user requests that.
Thus not every delete operation will suffer from that.
Igor.
On 11/23/2015 8:11 PM, Gregory Farnum wrote:
> On Mon, Nov 23, 2015 at 10:44 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Gregory,
>>
>> On 23.11.2015 18:52, Gregory Farnum wrote:
>>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>>> wrote:
>>>> Hi Cephers.
>>>>
>>>> Does Ceph have an ability to wipe object content during one's removal?
>>>> Surely one can do that manually from the client but I think that's
>>>> ineffective and not 100% secure.
>>>>
>>>> If no - what's about adding such feature to Ceph?
>>>> I can start working on that.
>>> Wipe object content during removal of what? The OSD? Or are you
>>> talking about secure erase of object data instead of unlinking files?
>> I meant secure object removal.
>>
> Yeah, I just don't see this happening. There aren't even exposed
> primitives to do a secure erase on SSDs, are there? Plus turning a
> delete operation into a full data overwrite....yuck.
> -Greg