G06F3/0623

Low-latency direct cloud access with file system hierarchies and semantics

Techniques described herein relate to systems and methods of data storage, and more particularly to providing layering of file system functionality on an object interface. In certain embodiments, file system functionality may be layered on cloud object interfaces to provide cloud-based storage while allowing for functionality expected from legacy applications. For instance, POSIX interfaces and semantics may be layered on cloud-based storage, while providing access to data in a manner consistent with file-based access with data organization in name hierarchies. Various embodiments also may provide for memory mapping of data so that memory map changes are reflected in persistent storage while ensuring consistency between memory map changes and writes. For example, by transforming a ZFS file system disk-based storage into ZFS cloud-based storage, the ZFS file system gains the elastic nature of cloud storage.

Virtual machine perfect forward secrecy

Provided is a method, a computer program product, and a system for providing perfect forward secrecy in virtual machines. The method includes receiving a secure memory allocation function from an application, including a connection secret to be stored in memory. The method further includes allocating memory for the connection secret according to the memory size parameter and storing an entry relating to the connection secret in a secure database. The memory information includes a memory location and a memory size of the memory. The method also includes monitoring an operation state relating to the virtual machine. The method further includes receiving, from the application, a secure deallocation function relating to the connection secret and retrieving the memory information from the secure database. The method also includes deleting the connection from the memory and sanitizing the memory location logged by the memory information.

Constant time updates after memory deduplication
11567684 · 2023-01-31

Systems and methods are described for resource-efficient memory deduplication and write-protection. In an example, a method includes receiving, by a computing device having a processor, a request to assess deduplication for a plurality of candidate files. The computing device may perform one or more iterative steps for deduplication. The iterative steps may include: receiving, from the plurality of candidate files, a candidate file that is not write-protected; determining, based on a predetermined Bernoulli distribution, a decision to write-protect the candidate file; rendering the candidate file as a write-protected candidate file; determining, based on a review of other candidate files from the plurality of candidate files, that the write-protected candidate file can be deduplicated; and deduplicating the write-protected candidate file.

Automatically processing storage system data and generating visualizations representing differential data comparisons

Methods, apparatus, and processor-readable storage media for automatically processing storage system data and generating visualizations representing differential data comparisons are provided herein. An example computer-implemented method includes obtaining current data from a first storage system and historical data from the first storage system and/or one or more additional storage systems; determining, for the first storage system, at least one current state value for at least one storage system parameter by processing the current data using a first hashing algorithm; determining, for the first storage system with respect to the first storage system and/or the additional storage systems, at least one differential state value for the at least one storage system parameter by processing the current data and the historical data using a second hashing algorithm; and generating data visualizations based on the current state value(s) and/or the differential state value(s).

Memory system and method of controlling nonvolatile memory
20230229791 · 2023-07-20

According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Storage network with enhanced data access performance
11704184 · 2023-07-18

A method for execution by a storage network begins by issuing a decode threshold number of read requests for a set of encoded data slices to a plurality of storage units of a set of storage units and continues by determining whether less than a decode threshold number of read requests has been received in a time window. The method continues by identifying one or more encoded data slices associated with read requests of the decode threshold number of read requests that have not been received and, for an encoded data slice of the one or more encoded data slices, issuing a priority read request to a storage unit storing a copy of the encoded data slice. The method then continues by receiving a response from the storage unit storing the copy of the encoded data, where the storage unit storing the copy of the encoded data slice is adapted to delay one or more maintenance tasks in response to the priority read request.

Systems and methods for use in segregating data blocks to distributed storage

Systems and methods are provided for storing data blocks in distributed storage. One example computer-implemented method includes, in response to receipt of a data block comprising data, generating a value N for the data block, wherein the value N includes a variable integer greater than one and dividing the data block into N segments, wherein each segment includes a portion of the data. The method also includes generating a value M for the data block, wherein the value M includes a variable integer greater than or equal to one, and adding M segments of chaff to the N segments. The method then includes encrypting the N segments and the M segments of chaff and distributing the M segments and the N segments in distributed storage, wherein the N segments and the M segments of chaff are stored in multiple different storage devices included in the distributed storage.

Budgeting open blocks based on power loss protection

A storage system has zones in solid-state storage memory, with power loss protection. The system identifies portions of data for processes that utilize power loss protection. The system determines to activate or deactivate power loss protection for the portions of data for the processes. The system tracks activation and deactivation of power loss protection in zones in the solid-state storage memory, in accordance with the portions of data having power loss protection activated or deactivated.

Reducing latency of hardware trusted execution environments

Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.

Efficient filename storage and retrieval
11704336 · 2023-07-18

The disclosed technology relates to a system configured to detect a modification to a node in a tree data structure. The node is associated with a content item managed by a content management service as well as a filename. The system may append the filename and a separator to a filename array, determine a location of the filename in the filename array, and store the location of the filename in the node.