Efficient and Secure Search of Enterprise File Systems

With fast paced growth of digital data, keyword based search has become a critical enterprise application. Research has shown that nearly 85% of enterprise data lies in flat filesystems [10] that allow multiple users with different access privileges. Any search tool for such systems needs to be efficient and yet cognizant of access control semantics imposed by the underlying filesystem. Current enterprise search techniques use two disjoint search and access- control components by creating a single system-wide index and filtering search results for access control. This approach is ineffective as index and query statistics subtly leak private information. The other approach of using separate indices for each user is undesirable as it not only increases disk consumption due to shared files, but also increases overheads of updating indices whenever a file changes. We propose a distributed approach that couples search and access-control into a unified framework and pro vides secure multiuser search. Our scheme (logically) divides data into independent access-privileges based chunks, called access-control barrels (ACB). ACBs not only manage security but also improve overall efficiency as they can be indexed and searched in parallel by distributing them to multiple enterprise machines. We describe the architecture of ACBs based search and propose an optimization that ensures the scalability of our approach. We validate our design with a detailed evaluation using industry benchmarks and datasets. Our initial experiments show secure search with 38% improved indexing efficiency and low overheads for ACB processing.