This technical note discusses the implications of a Swarm storage node or its disks falling into the wrong hands.
Protection on Disk
Swarm storage software provides a data platform for data protection, security, management and organization. The multi-tier storage method provides built-in security models together with the resilient replication and erasure-coding options of object storage.
Swarm security protections are inherent in the design of the platform and are embedded within the Swarm itself. If a third party were to acquire a piece of the Swarm, either by accident or wrongfully, the mere possession of a Swarm server or one of its storage modules does not enable the ready reconstruction of the data stored on that piece. This is due to three key factors:
the lack of an internal operating system,
a private, proprietary file system, and
the requirement that only an authorized person may approve a distribution of Swarm software.
Since there is no operating system on the Swarm storage servers and there is no installed mechanism to boot the server from its disk drives, only externally supplied software can operate the Swarm successfully. No portion of this software is retained on the permanent storage. Absent the Swarm software, no information on the drives is visible and the disk appears unformatted. Any attempt to install an operating system on the drive or server, such as Linux or Microsoft, results in an “overwrite” of any and all information on the disks.
As the Swarm uses a DataCore proprietary format, it does not incorporate publicly available file systems or standard disk partitioning. The DataCore proprietary file format is not published, and no standard file system mounting utility will mount or even recognize these volumes as a data device. Again, the disks will appear unformatted and unmountable. In addition, DataCore has not released any forensic tools that would permit anyone to browse or list the contents of the storage volumes. Finally, Swarm software is not available through any automated or anonymous process; it requires human approval and distribution. Even if the software were obtained, object access would still require universally unique identifier (UUID) keys. There is no facility or API for UUID discovery on the data volumes or on the storage node. Reading objects from the disks would require both raw device access and reverse engineering of the DataCore proprietary file storage format.