DPUF: DPU-accelerated Near-storage Secure Filtering

Querying data stored in cloud object stores often leads to network bottlenecks, particularly when large datasets need to be transferred over wide area networks (WANs) for processing. Encryption further complicates this challenge by requiring entire encrypted objects to be fetched from the object store before analysis. To address this, we push down filtering and perform secure computing near storage using a Data Processing Unit (DPU) integrated into the cloud server. We present DPUF, a DPU-assisted near-storage secure data filtering system that accelerates filtering operations by performing the query near the data and returning only the results of the query. By using the DPU as a secure enclave dedicated to and solely trusted by the client, DPUF provides a secure means of performing filtering of encrypted data near the shared (i.e., untrusted) storage system. Furthermore, our approach leverages on-board DPU accelerators and compute resources to maximize performance. On average, DPUF achieves up to 19.7× speedup over traditional client-side filtering and reduces networking costs by up to 16×.