Virtualized storage systems provide services to archive, back up, and store data. Efficiency in a large-scale virtualized storage system (i.e., a cloud computing environment) may be achieved by serving multiple tenants from a shared pool of storage resources. Such sharing often leads to commingling of data belonging to different tenants over the shared system components (e.g., storage media, processors, etc.) and may leave the system vulnerable.
In a data storage infrastructure with a traditional key-value framework, user requests for access to data are serviced based on an association established between a key (e.g., an index) and a value (e.g., a pointer to target data). Typically, a user establishes a communication session with a storage server by way of a login process and submits a data request that includes the key. The key is then utilized by the storage server to retrieve the target data from a storage medium.
The user login process authenticates the user session, but thereafter there is no further mechanism to isolate the underlying tenant resources or storage. As such, if there is a security breach, a user of one tenant might be able to access the data of another tenant. That is, once a user has successfully logged in, there is no mechanism to define data access privileges at the file level that would prohibit the user from accessing a file belonging to another tenant.
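The gap described above, as an added example that is not part of the original text: a shared key-value pool where login is the only gate, beside a lookup that also checks which tenant owns the object. The names `SharedStore`, `Session`, `get_unscoped` and `get_scoped` are hypothetical, the sample data is constructed, and the per-object tenant check is an assumed form of file-level privilege, not a mechanism this page defines.

```python
# Added illustration; all class, method and key names here are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    tenant: str
    authenticated: bool

class SharedStore:
    """One key-value pool shared by all tenants (constructed sample data)."""

    def __init__(self):
        # key -> (owning tenant, value); ownership is recorded per object
        self._objects = {}

    def put(self, tenant, key, value):
        self._objects[key] = (tenant, value)

    def get_unscoped(self, session, key):
        # Behaviour described above: the login is the only gate, so any
        # authenticated session can resolve any key in the shared pool.
        if not session.authenticated:
            raise PermissionError("login required")
        return self._objects[key][1]

    def get_scoped(self, session, key):
        # Per-object check: the key must belong to the caller's tenant.
        if not session.authenticated:
            raise PermissionError("login required")
        entry = self._objects.get(key)
        # Same error for "missing" and "other tenant" so keys are not enumerable.
        if entry is None or entry[0] != session.tenant:
            raise KeyError(key)
        return entry[1]

def demo():
    store = SharedStore()
    store.put("tenant-a", "invoice-17", b"A's data")
    store.put("tenant-b", "payroll-03", b"B's data")
    alice = Session(user="alice", tenant="tenant-a", authenticated=True)
    leaked = store.get_unscoped(alice, "payroll-03")  # cross-tenant read succeeds
    try:
        store.get_scoped(alice, "payroll-03")
        blocked = False
    except KeyError:
        blocked = True
    return leaked, blocked, store.get_scoped(alice, "invoice-17")
```

`demo()` returns the other tenant's value from the unscoped path, a flag showing the scoped path refused the same key, and the caller's own object from the scoped path.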