Cryptography and Security2026-02-11v2Hardware ArchitectureDistributed, Parallel, and Cluster ComputingNetworking and Internet ArchitectureOperating Systems
Disaggregated storage with NVMe-over-Fabrics (NVMe-oF) has emerged as the standard solution in modern supercomputers and data center clusters, achieving superior performance, resource utilization, and power efficiency. Simultaneously, confidential computing (CC) is becoming the de facto security paradigm, enforcing stronger isolation and protection for sensitive workloads. However, securing state-of-the-art storage with traditional CC methods struggles to scale and compromises performance or security. To address these issues, we introduce Hazel, a storage management system that extends the NVMe-oF protocol capabilities and adheres to the CC threat model, providing confidentiality, integrity, and freshness guarantees. Hazel offers an appropriate control path with novel concepts such as counter-leasing. Hazel also optimizes data path performance by leveraging NVMe metadata and introducing a new disaggregated Hazel Merkle Tree (HMT), all while remaining compatible with NVMe-oF. For additional efficiency, Hazel also supports offloading to CC-capable smart NIC accelerators. We prototype Hazel on an NVIDIA BlueField-3 and demonstrate that it can achieve as little as 1-2% performance degradation for synthetic patterns, AI training, IO500, and YCSB.
@article{arxiv.2510.18756,
title = {Hazel: Secure and Efficient Disaggregated Storage},
author = {Marcin Chrapek and Meni Orenbach and Ahmad Atamli and Marcin Copik and Mikhail Khalilov and Fritz Alder and Torsten Hoefler},
journal= {arXiv preprint arXiv:2510.18756},
year = {2026}
}