Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: A cloud-based data governance system includes a processing unit, a network adapter, and memory for storing data and code. The network adapter establishes a connection with a remote data storage system associated with a remote file system over a wide-area network (WAN). The code includes an event collection interface, a data governance service, and an enforcement service. The event collection interface is configured to capture an event from the remote data storage system. The event is indicative of a file system operation executed on a data object of the remote file system. The data governance service is configured to receive the event from the event collection interface and to process the event to determine whether the file system operation conflicts with a governance policy of the data governance system. The enforcement service executes a set of remediation actions if the file system operation does conflict with the governance policy.

Abstract: A method for facilitating synchronization of a remote file system (RFS) and a local file system (LFS) includes maintaining a global revision identifier associated with the RFS, where the global revision identifier has a variable state, and responsive to the RFS being modified, updating metadata associated with one or more of the file system objects of the RFS based on a state of the global revision identifier. More particularly, the method includes updating the global revision identifier to a new state in response to the RFS modification and then updating the metadata of the folder(s) associated with the RFS modification. The RFS metadata is partitioned by folder and file to facilitate efficient searching based on a requested namespace view. Another method utilizes prior revision identifiers stored in the LFS to limit the RFS metadata returned to the local cloud during a rescan, by excluding the data set that has not changed, which improves the efficiency of the rescan synchronization.

Abstract: A method for storing objects in an object storage system includes the steps of establishing a network connection with a client over an inter-network, receiving an upload request indicating an object to be uploaded by the client, selecting at least two storage nodes on which the object will be stored, receiving the object from the client via the network connection, and streaming the object to each of the selected storage nodes such that the object is stored on each of the selected storage nodes. The method can also include writing an object record associating the object and the selected storage nodes to a shard of an object database and generating a Universally Unique Identifier (UUID). The UUID indicates the shard and the object ID of the object record, such that the object record can be quickly retrieved. Object storage infrastructures are also disclosed.

Abstract: Cloud storage systems and methods are described for providing event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to at least one of a remote file system (RFS) hosted by the remote cloud storage system and a local file system (LFS) hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: Systems and methods for the mitigation of return-oriented programming are disclosed. A return address for a function is encrypted to generate an encrypted return address. The encrypted return address is stored as the return address for the function. The encrypted return address can be decrypted prior to a return instruction of the function.

Abstract: Systems and methods for the mitigation of return-oriented programming are disclosed. A return address for a function is encrypted to generate an encrypted return address. The encrypted return address is stored as the return address for the function. The encrypted return address can be decrypted prior to a return instruction of the function.

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: A method for storing objects in an object storage system includes the steps of establishing a network connection with a client over an inter-network, receiving an upload request indicating an object to be uploaded by the client, selecting at least two storage nodes on which the object will be stored, receiving the object from the client via the network connection, and streaming the object to each of the selected storage nodes such that the object is stored on each of the selected storage nodes. The method can also include writing an object record associating the object and the selected storage nodes to a shard of an object database and generating a Universally Unique Identifier (UUID). The UUID indicates the shard and the object ID of the object record, such that the object record can be quickly retrieved. Object storage infrastructures are also disclosed.

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: A method for storing objects in an object storage system includes the steps of establishing a network connection with a client over an inter-network, receiving an upload request indicating an object to be uploaded by the client, selecting at least two storage nodes on which the object will be stored, receiving the object from the client via the network connection, and streaming the object to each of the selected storage nodes such that the object is stored on each of the selected storage nodes. The method can also include writing an object record associating the object and the selected storage nodes to a shard of an object database and generating a Universally Unique Identifier (UUID). The UUID indicates the shard and the object ID of the object record, such that the object record can be quickly retrieved. Object storage infrastructures are also disclosed.

Abstract: Cloud storage systems and methods are described for providing event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to at least one of a remote file system (RFS) hosted by the remote cloud storage system and a local file system (LFS) hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: Cloud storage systems and methods are described for providing event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to at least one of a remote file system (RFS) hosted by the remote cloud storage system and a local file system (LFS) hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.

Abstract: A cloud-based data governance system includes a processing unit, a network adapter, and memory for storing data and code. The network adapter establishes a connection with a remote data storage system associated with a remote file system over a wide-area network (WAN). The code includes and event collection interface, a data governance service, and an enforcement service. The event collection interface is configured to capture an event from the remote data storage system. The event is indicative of a file system operation executed on a data object of the remote file system. The data governance service is configured to receive the event from the event collection interface and to process the event to determine whether the file system operation conflicts with a governance policy of the data governance system. The enforcement service executes a set of remediation actions, if the file system operation does conflict with the governance policy.

Abstract: A cloud-based data governance system includes a processing unit, a network adapter, and memory for storing data and code. The network adapter establishes a connection with a remote data storage system associated with a remote file system over a wide-area network (WAN). The code includes and event collection interface, a data governance service, and an enforcement service. The event collection interface is configured to capture an event from the remote data storage system. The event is indicative of a file system operation executed on a data object of the remote file system. The data governance service is configured to receive the event from the event collection interface and to process the event to determine whether the file system operation conflicts with a governance policy of the data governance system. The enforcement service executes a set of remediation actions, if the file system operation does conflict with the governance policy.