* Wiping object content on removal
From: Igor Fedotov @ 2015-11-18 14:42 UTC
To: ceph-devel

Hi Cephers.

Does Ceph have an ability to wipe object content during one's removal?
Surely one can do that manually from the client but I think that's
ineffective and not 100% secure.

If not - what about adding such a feature to Ceph?
I can start working on that.

Thanks,
Igor.

* Re: Wiping object content on removal
From: Gregory Farnum @ 2015-11-23 15:52 UTC
To: Igor Fedotov
Cc: ceph-devel

On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
> Hi Cephers.
>
> Does Ceph have an ability to wipe object content during one's removal?
> Surely one can do that manually from the client but I think that's
> ineffective and not 100% secure.
>
> If not - what about adding such a feature to Ceph?
> I can start working on that.

Wipe object content during removal of what? The OSD? Or are you
talking about secure erase of object data instead of unlinking files?

I'm not sure if any of that is really more interesting than just
enabling disk encryption...
-Greg

* Re: Wiping object content on removal
From: Igor Fedotov @ 2015-11-23 16:44 UTC
To: Gregory Farnum
Cc: ceph-devel

Hi Gregory,

On 23.11.2015 18:52, Gregory Farnum wrote:
> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Cephers.
>>
>> Does Ceph have an ability to wipe object content during one's removal?
>> Surely one can do that manually from the client but I think that's
>> ineffective and not 100% secure.
>>
>> If not - what about adding such a feature to Ceph?
>> I can start working on that.
> Wipe object content during removal of what? The OSD? Or are you
> talking about secure erase of object data instead of unlinking files?

I meant secure object removal.

> I'm not sure if any of that is really more interesting than just
> enabling disk encryption...
> -Greg

I agree that encryption is more secure but it consumes much more CPU
resources.

Thanks,
Igor

* Re: Wiping object content on removal
From: Andrey Korolyov @ 2015-11-23 16:53 UTC
To: Igor Fedotov
Cc: Gregory Farnum, ceph-devel

On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@mirantis.com> wrote:
> Hi Gregory,
>
> On 23.11.2015 18:52, Gregory Farnum wrote:
>>
>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>> wrote:
>>>
>>> Hi Cephers.
>>>
>>> Does Ceph have an ability to wipe object content during one's removal?
>>> Surely one can do that manually from the client but I think that's
>>> ineffective and not 100% secure.
>>>
>>> If not - what about adding such a feature to Ceph?
>>> I can start working on that.
>>
>> Wipe object content during removal of what? The OSD? Or are you
>> talking about secure erase of object data instead of unlinking files?
>
> I meant secure object removal.
>
>> I'm not sure if any of that is really more interesting than just
>> enabling disk encryption...
>> -Greg
>
> I agree that encryption is more secure but it consumes much more CPU
> resources.
>
> Thanks,
> Igor
>

Hi,

just wondering - do you have a complete security model where secure
erase is required, but data protection by itself is not important by
itself? In any case, the immediate object wipeout is not fast - it
could consume tens of minutes or even hours after the actual erase
command, which actually negates the requirement of effective
data destruction. Commonly the erase procedure is required when
media is moved between different security access zones, which could be
seen as a lifecycle operation and it does not depend on any software
functionality within those zones.

* Re: Wiping object content on removal
From: Igor Fedotov @ 2015-11-24 16:58 UTC
To: Andrey Korolyov
Cc: Gregory Farnum, ceph-devel

Andrey,

thanks for your valuable comment.

Answering your question - I don't have a complete model. That was just a
quick idea produced by the information that OpenStack Cinder performs
such a wipe-out when removing volumes (i.e. RBD images). And it does that
by trivial writing to an image. Doing a similar thing at the Ceph level
can be done faster and in the background.

Thanks,
Igor

On 11/23/2015 7:53 PM, Andrey Korolyov wrote:
> On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Gregory,
>>
>> On 23.11.2015 18:52, Gregory Farnum wrote:
>>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>>> wrote:
>>>> Hi Cephers.
>>>>
>>>> Does Ceph have an ability to wipe object content during one's removal?
>>>> Surely one can do that manually from the client but I think that's
>>>> ineffective and not 100% secure.
>>>>
>>>> If not - what about adding such a feature to Ceph?
>>>> I can start working on that.
>>> Wipe object content during removal of what? The OSD? Or are you
>>> talking about secure erase of object data instead of unlinking files?
>> I meant secure object removal.
>>
>>> I'm not sure if any of that is really more interesting than just
>>> enabling disk encryption...
>>> -Greg
>> I agree that encryption is more secure but it consumes much more CPU
>> resources.
>>
>> Thanks,
>> Igor
>>
> Hi,
>
> just wondering - do you have a complete security model where secure
> erase is required, but data protection by itself is not important by
> itself? In any case, the immediate object wipeout is not fast - it
> could consume tens of minutes or even hours after the actual erase
> command, which actually negates the requirement of effective
> data destruction. Commonly the erase procedure is required when
> media is moved between different security access zones, which could be
> seen as a lifecycle operation and it does not depend on any software
> functionality within those zones.

* Re: Wiping object content on removal
From: Gregory Farnum @ 2015-11-23 17:11 UTC
To: Igor Fedotov
Cc: ceph-devel

On Mon, Nov 23, 2015 at 10:44 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
> Hi Gregory,
>
> On 23.11.2015 18:52, Gregory Farnum wrote:
>>
>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>> wrote:
>>>
>>> Hi Cephers.
>>>
>>> Does Ceph have an ability to wipe object content during one's removal?
>>> Surely one can do that manually from the client but I think that's
>>> ineffective and not 100% secure.
>>>
>>> If not - what about adding such a feature to Ceph?
>>> I can start working on that.
>>
>> Wipe object content during removal of what? The OSD? Or are you
>> talking about secure erase of object data instead of unlinking files?
>
> I meant secure object removal.
>

Yeah, I just don't see this happening. There aren't even exposed
primitives to do a secure erase on SSDs, are there? Plus turning a
delete operation into a full data overwrite....yuck.
-Greg

* Re: Wiping object content on removal
From: Igor Fedotov @ 2015-11-24 17:04 UTC
To: Gregory Farnum
Cc: ceph-devel

Gregory,

the idea is to wipe object content optionally - when the user requests
that. Thus not every delete operation will suffer from that.

Igor.

On 11/23/2015 8:11 PM, Gregory Farnum wrote:
> On Mon, Nov 23, 2015 at 10:44 AM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Gregory,
>>
>> On 23.11.2015 18:52, Gregory Farnum wrote:
>>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>>> wrote:
>>>> Hi Cephers.
>>>>
>>>> Does Ceph have an ability to wipe object content during one's removal?
>>>> Surely one can do that manually from the client but I think that's
>>>> ineffective and not 100% secure.
>>>>
>>>> If not - what about adding such a feature to Ceph?
>>>> I can start working on that.
>>> Wipe object content during removal of what? The OSD? Or are you
>>> talking about secure erase of object data instead of unlinking files?
>> I meant secure object removal.
>>
> Yeah, I just don't see this happening. There aren't even exposed
> primitives to do a secure erase on SSDs, are there? Plus turning a
> delete operation into a full data overwrite....yuck.
> -Greg
