Abstract
The use of software-defined storage (SDS) systems to store sensitive data is becoming increasingly prevalent. However, these systems primarily implement security measures to ensure the confidentiality and availability of stored data, with limited consideration for the protection of its integrity. This paper outlines why this is a harmful development, as well as how integrity-protecting measures can be included into SDS systems. To demonstrate the practical challenges and opportunities of such measures, we integrated "authenticated encryption with associated data" (AEAD) ciphers into the widely used SDS system Ceph, specifically, into its block storage interface, to secure the integrity of stored data and metadata. Ultimately, we identify the characteristics that an SDS system should possess to adopt our methodology.
