{"ID":2852333,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.18756","arxiv_id":"2510.18756","title":"Hazel: Secure and Efficient Disaggregated Storage","abstract":"Disaggregated storage with NVMe-over-Fabrics (NVMe-oF) has emerged as the standard solution in modern supercomputers and data center clusters, achieving superior performance, resource utilization, and power efficiency. Simultaneously, confidential computing (CC) is becoming the de facto security paradigm, enforcing stronger isolation and protection for sensitive workloads. However, securing state-of-the-art storage with traditional CC methods struggles to scale and compromises performance or security. To address these issues, we introduce Hazel, a storage management system that extends the NVMe-oF protocol capabilities and adheres to the CC threat model, providing confidentiality, integrity, and freshness guarantees. Hazel offers an appropriate control path with novel concepts such as counter-leasing. Hazel also optimizes data path performance by leveraging NVMe metadata and introducing a new disaggregated Hazel Merkle Tree (HMT), all while remaining compatible with NVMe-oF. For additional efficiency, Hazel also supports offloading to CC-capable smart NIC accelerators. We prototype Hazel on an NVIDIA BlueField-3 and demonstrate that it can achieve as little as 1-2% performance degradation for synthetic patterns, AI training, IO500, and YCSB.","short_abstract":"Disaggregated storage with NVMe-over-Fabrics (NVMe-oF) has emerged as the standard solution in modern supercomputers and data center clusters, achieving superior performance, resource utilization, and power efficiency. Simultaneously, confidential computing (CC) is becoming the de facto security paradigm, enforcing str...","url_abs":"https://arxiv.org/abs/2510.18756","url_pdf":"https://arxiv.org/pdf/2510.18756v2","authors":"[\"Marcin Chrapek\",\"Meni Orenbach\",\"Ahmad Atamli\",\"Marcin Copik\",\"Mikhail Khalilov\",\"Fritz Alder\",\"Torsten Hoefler\"]","published":"2025-10-21T16:01:36Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.AR\",\"cs.DC\",\"cs.NI\",\"cs.OS\"]","methods":"[]","has_code":false}