The paper introduces GDPRuler, a trusted middleware system that enables verifiable GDPR compliance for key-value stores on untrusted cloud environments without requiring modifications to the core database codebase.
Privacy regulations such as the General Data Protection Regulation (GDPR) impose strict requirements on how personal data is stored, processed, and audited. While key-value stores (KVS) are widely used in latency-sensitive applications, their simple data model and untrusted cloud deployment environments make GDPR compliance particularly challenging. Existing approaches require invasive code modifications, impose high performance overheads, or overlook the integrity of compliance mechanisms themselves. This paper presents GDPRuler, a trusted middleware system that enables verifiable GDPR compliance for KVS on untrusted clouds without modifying their codebase. GDPRuler deploys a trusted GDPR monitor inside a Confidential Virtual Machine (CVM), which enforces GDPR policies, manages compliance metadata, and maintains tamper-evident audit logs. A declarative policy language translates core GDPR obligations into enforceable runtime rules. To ensure efficiency, GDPRuler encodes metadata compactly within KV records, builds dedicated metadata indexes for GDPR-specific queries, and logs only compliance-relevant events in a space-efficient format. We implement GDPRuler as a transparent proxy for unmodified Redis and RocksDB deployments. Evaluation with YCSB and GDPR-inspired workloads shows that GDPRuler enforces core compliance guarantees with low overheads: GDPRuler achieves ~61% of native KVS throughput with the CVM environment contributing 28%-32% of it, metadata storage overhead remains below 20%, and GDPR queries benefit from 13-182x speedup through metadata indexing. By embedding verifiable policy enforcement into a trusted middleware layer, GDPRuler offers a practical path toward GDPR-compliant KVS on untrusted cloud infrastructures.
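The following sketch is an added illustration of the three mechanisms the abstract names (metadata packed into each KV record, a metadata index for per-subject queries, and a tamper-evident log of compliance events); it is not GDPRuler's code. The 14-byte header layout, the purpose bitmask, the SHA-256 hash chain, and every name in it are assumptions, and a Python dict stands in for the unmodified Redis or RocksDB backend.

```python
import hashlib, json, struct, time
from collections import defaultdict

HDR = struct.Struct(">IQH")  # assumed header: owner id, expiry (unix s), purpose bitmask
BILLING, ADS = 1, 2          # constructed purpose flags

class GdprProxy:
    def __init__(self, kvs, clock=time.time):
        self.kvs, self.clock = kvs, clock
        self.by_owner = defaultdict(set)         # metadata index: owner -> keys
        self.log, self.head = [], b"\x00" * 32   # head would live in trusted memory

    def _audit(self, op, key, owner):
        # Chain each entry to the previous head so edits and deletions change the head.
        entry = json.dumps({"op": op, "key": key, "owner": owner}, sort_keys=True).encode()
        self.head = hashlib.sha256(self.head + entry).digest()
        self.log.append(entry)

    def put(self, key, value, owner, ttl, purposes):
        old = self.kvs.get(key)
        if old is not None:  # keep the index consistent when a key changes owner
            self.by_owner[HDR.unpack_from(old)[0]].discard(key)
        self.kvs[key] = HDR.pack(owner, int(self.clock()) + ttl, purposes) + value
        self.by_owner[owner].add(key)
        self._audit("put", key, owner)

    def get(self, key, purpose):
        raw = self.kvs.get(key)
        if raw is None:
            return None
        owner, expiry, allowed = HDR.unpack_from(raw)
        if self.clock() >= expiry or not allowed & purpose:
            self._audit("deny", key, owner)
            return None
        self._audit("get", key, owner)
        return raw[HDR.size:]

    def erase_subject(self, owner):
        keys = sorted(self.by_owner.pop(owner, ()))  # index lookup, no full scan
        for k in keys:
            del self.kvs[k]
            self._audit("erase", k, owner)
        return keys

def verify_log(entries, trusted_head):
    # Recompute the chain over the (untrusted) entries and compare with the trusted head.
    head = b"\x00" * 32
    for entry in entries:
        head = hashlib.sha256(head + entry).digest()
    return head == trusted_head
```

The log entries can sit on untrusted storage because only the 32-byte head has to be kept where the cloud operator cannot rewrite it.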
Styx: Collaborative and Private Data Processing With TEE-Enforced Sticky Policy
Styx is a novel framework that enhances data privacy and security in collaborati…
Privacy as Permissible Operations: An ABAC Framework for Policy-Law Compliance
The paper introduces APLiance, a novel ABAC framework that models privacy polici…
A Hardware-Anchored Privacy Middleware for PII Sharing Across Heterogeneous Embedded Consumer Device…
The paper proposes the User Data Sharing System (UDSS), a hardware-anchored midd…
AICCE: AI Driven Compliance Checker Engine
The paper introduces AICCE, an AI-driven engine that uses generative systems and…
AI Agents Under EU Law
This paper provides a systematic regulatory mapping and compliance architecture…
PlanTwin: Privacy-Preserving Planning Abstractions for Cloud-Assisted LLM Agents
PlanTwin introduces a privacy-preserving architecture that allows cloud-hosted L…
The Cognitive Firewall: Securing Browser Based AI Agents Against Indirect Prompt Injection Via Hybrid…
The Cognitive Firewall is a hybrid edge-cloud defense architecture that signific…
Hardening x402: PII-Safe Agentic Payments via Pre-Execution Metadata Filtering
The paper introduces presidio-hardened-x402, an open-source middleware that inte…