Pledge: A Policy-Based Security Protocol for Protecting Content Addressable Storage Architectures

In this paper the authors present PLEDGE, an efficient and scalable security ProtocoL for protecting fixed-content objects in ContEnt ADdressable StoraGe (CAS) architEctures. PLEDGE follows an end-to-end policy-driven security approach to secure the confidentiality, integrity, and authenticity of fixed-content entities over the enterprise network links and in the nodes of the CAS device. It utilizes a customizable and configurable eXtensible Mark-up Language (XML) security policy to provide flexible, multi-level, and fine-grained encryption and hashing methodologies to fixed content CAS entities. PLEDGE secures data objects based on their content and sensitivity and highly overcomes the performance of bulk and raw encryption protocols such as the Secure Socket Layer (SSL) and the Transport Layer Security (TLS) protocols.