Abstract: Embodiments for detecting malicious modification of data in a network, by: setting, by a first layer of network resources, a number of markers associated with input/output (I/O) operations of the network; saving the markers, location, and associated metadata in a marker database; reading, by a second layer of the network resources, the markers corresponding to relevant I/O operations; and verifying each scanned I/O operation against a corresponding marker to determine whether or not data for a scanned specific I/O operation has been improperly modified for the first and second layers and any intermediate layer resulting in a fault condition, and if so, taking remedial action to flag or abort the specific I/O operation.

Abstract: An apparatus, in one example, comprises a storage system configured to perform one or more deduplication operations on encrypted datasets received for a plurality of tenants and store at least a portion of the encrypted datasets, the datasets having been encrypted for respective ones of the plurality of tenants using a common encryption key. The apparatus further comprises a cryptographic module associated with the storage system, the cryptographic module configured to, in response to a request to access an encrypted dataset stored by the storage system corresponding to a given one of the plurality of tenants, further encrypt the encrypted dataset using a tenant encryption key associated with the given one of the plurality of tenants. The storage system is further configured to send the further encrypted dataset to the given one of the plurality of tenants that requested access.

Abstract: Embodiments for providing memory for continuous data protection in a data storage system by storing a first key-value map as a data structure wherein the key is an address of a volume and the value comprises timestamp and hash value pairs for each time the address had data written thereto, and corresponding hash values of the written data, and storing a second key-value map as a data structure wherein the key comprises the hash value and the value comprises the written data. The first key-value map and second key-value map are implemented as a driver component in a server computer of the data storage system. The driver exposes a block device protocol on the server computer and leverages the key-value data structures for use with a deduplication storage system.

Abstract: Embodiments for providing compare and swap (CAS) functionality to key value storage to allow multi-threaded applications to share storage devices and synchronize multiple concurrent threads or processes. A key-value application programming interface (API) is modified to include a CAS API in addition to the standard Put and Get APIs. The CAS function uses a key, expected old value, and new value to compare and swap an existing key value only if its current value equals the expected old value. Hash values of the key value and expected old value may be used by the CAS function to improve performance and reduce bandwidth.

Abstract: Embodiments for detecting malicious modification of data in a network, by: setting, by a first layer of network resources, a number of markers associated with input/output (I/O) operations of the network; saving the markers, location, and associated metadata in a marker database; reading, by a second layer of the network resources, the markers corresponding to relevant I/O operations; and verifying each scanned I/O operation against a corresponding marker to determine whether or not data for a scanned specific I/O operation has been improperly modified for the first and second layers and any intermediate layer resulting in a fault condition, and if so, taking remedial action to flag or abort the specific I/O operation.

Abstract: A system, method, and computer program product comprising receiving replicated IO direct to an image on a production site; wherein the replicated IO is a copy of IO for application to the image on the production site, storing the replicated IO in a differential structure in a journal, processing the IO on the image on the replication site, and periodically processing the differential structure to be become a differential snapshot; wherein the differential snapshot may be used by a hypervisor to provide instant access to the point in time corresponding to the differential snapshot.

Abstract: Embodiments for providing memory for continuous data protection in a data storage system by storing a first key-value map as a data structure wherein the key is an address of a volume and the value comprises timestamp and hash value pairs for each time the address had data written thereto, and corresponding hash values of the written data, and storing a second key-value map as a data structure wherein the key comprises the hash value and the value comprises the written data. The first key-value map and second key-value map are implemented as a driver component in a server computer of the data storage system. The driver exposes a block device protocol on the server computer and leverages the key-value data structures for use with a deduplication storage system.

Abstract: Embodiments for providing compare and swap (CAS) functionality to key value storage to allow multi-threaded applications to share storage devices and synchronize multiple concurrent threads or processes. A key-value application programming interface (API) is modified to include a CAS API in addition to the standard Put and Get APIs. The CAS function uses a key, expected old value, and new value to compare and swap an existing key value only if its current value equals the expected old value. Hash values of the key value and expected old value may be used by the CAS function to improve performance and reduce bandwidth.

Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.

Abstract: Embodiments for providing continuous data protection in a data processing and storage system with a storage server and storage devices, by providing a solid state disk (SSD) device having a processor and non-volatile memory and an interface to a host device, providing a resident continuous data protection program on the SSD and executed by the processor, recording, for each write command, a memory address offset and a timestamp for the write command, and maintaining one of: an undo journal storing data in a location that is to be overwritten by the write command with the timestamp, or a log-structured file exposing a single large file as a volume to an upper layer of a host software stack for storing periodic snapshot backups of data created by the write command.

Abstract: Embodiments for providing continuous data protection in a data processing and storage system with a storage server and storage devices, by providing a solid state disk (SSD) device having a processor and non-volatile memory and an interface to a host device, providing a resident continuous data protection program on the SSD and executed by the processor, recording, for each write command, a memory address offset and a timestamp for the write command, and maintaining one of: an undo journal storing data in a location that is to be overwritten by the write command with the timestamp, or a log-structured file exposing a single large file as a volume to an upper layer of a host software stack for storing periodic snapshot backups of data created by the write command.

Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.

Abstract: An enterprise storage system and method detects the probability of encryption of data by comparing the level of randomness in the data to a set of increasing thresholds to determine the severity of encryption. Encryption exceeding a high predetermined threshold is determined to be due to ransomware. Upon determining the level of encryption, an appropriate action is taken based upon one or both of the policy of the enterprise or local governmental regulations as to encryption or non-encryption of data.

Abstract: Embodiments are directed to a bug reproduction system and method to reproduce non-probabilistic bug conditions in programs, such as those that involve multi-threaded race conditions and/or containerized systems. To consistently reproduce a phenomenon that usually happens with low probability, embodiments provide an effective approach to consistently reproducing bugs by combining multi-point-in-time replication (like RecoverPoint), CPU lockstep and the same constructs used in implementing VMware VMotion functionality. The result is a system that once there is an initial reconstruction, will be able to consistently reproduce the same issue one hundred percent of the time.

Abstract: An apparatus, in one example, comprises a storage system configured to perform one or more deduplication operations on encrypted datasets received for a plurality of tenants and store at least a portion of the encrypted datasets, the datasets having been encrypted for respective ones of the plurality of tenants using a common encryption key. The apparatus further comprises a cryptographic module associated with the storage system, the cryptographic module configured to, in response to a request to access an encrypted dataset stored by the storage system corresponding to a given one of the plurality of tenants, further encrypt the encrypted dataset using a tenant encryption key associated with the given one of the plurality of tenants. The storage system is further configured to send the further encrypted dataset to the given one of the plurality of tenants that requested access.