Presentation is loading. Please wait.

Presentation is loading. Please wait.

Work-in-Progress: Full-Datapath Secure Deletion

Published byKatherine Flynn Modified over 6 years ago

Similar presentations

Presentation on theme: "Work-in-Progress: Full-Datapath Secure Deletion"— Presentation transcript:

1 Work-in-Progress: Full-Datapath Secure Deletion
Sarah Diesburg, Chris Meyers, An-I Andy Wang USENIX Security ‘09

2 Full-Datapath Secure Deletion
Current Work Secure deletion Erasing all traces of files after user deletion The problem Fine-grained secure deletion methods only operate on one segment of storage data path Secure deletion may leave traces of data when interacting with other components (e.g. journal, page cache, flash) The solution Develop holistic, data-path-wide approach to securely erase files Full-Datapath Secure Deletion

3 When is fine-grained secure deletion important?
Getting rid of one personal file Switching banks, hospitals, any large organization Decommissioned hard drives Military purposes Full-Datapath Secure Deletion

4 Are current methods good enough?
Applications Applications cannot delete information about files File System Block Layer Storage Full-Datapath Secure Deletion

5 Are current methods good enough?
Applications Applications cannot delete information about files File systems may Hold hidden copies of information Consolidate writes Not honor in-place overwrites File System Block Layer Storage Full-Datapath Secure Deletion

6 Are current methods good enough?
Applications Applications cannot delete information about files File systems may Hold hidden copies of information Consolidate writes Not honor in-place overwrites Some storage media do not honor in-place overwrites File System Block Layer Storage Full-Datapath Secure Deletion

7 Full-Datapath Secure Deletion
Centralized module that passes secure deletion information from file system to lower layers Extension to storage block layer to take advantage of above information Issue secure overwrite command Call storage-specific secure deletion command Full-Datapath Secure Deletion

8 Full-Datapath Secure Deletion
Applications User Kernel Page Cache File System Add Secure Deletion Module After cache! Check Block # Block Layer Block # Secure delete commands Storage Full-Datapath Secure Deletion

9 Full-Datapath Secure Deletion
Approach Advantages Irrevocably deletes data and description information Easy to use User calls normal delete commands Per-file deletion Acceptable performance Behaves correctly during failures Soft-state module and conservative recovery Works with modern file system mechanisms Journaling, page cache, compression, etc. Works with emerging solid-state storage media Compatible beside the legacy storage data path No modification to original behavior Full-Datapath Secure Deletion

10 Full-Datapath Secure Deletion
Current Development Implements both secure write and secure delete block layer commands Secure write useful for devices that do not honor in-place overwrites Linux kernel with ext3 and NAND flash Full-Datapath Secure Deletion

11 Full-Datapath Secure Deletion
Questions? Full-Datapath Secure Deletion

Download ppt "Work-in-Progress: Full-Datapath Secure Deletion"

Similar presentations

Systems Software System Software Enables the applications software to interact with the computer and Helps the computer manage its internal and external.

Systems Software System Software Enables the applications software to interact with the computer and Helps the computer manage its internal and external.
PC Card ATA command Extensions for Small Memory Card MEI(Panasonic), SanDisk,Toshiba Minoru Patrick Ohara(Toshiba)

PC Card ATA command Extensions for Small Memory Card MEI(Panasonic), SanDisk,Toshiba Minoru Patrick Ohara(Toshiba)
Full-Datapath Secure Deletion Sarah Diesburg 1. Overview Problem  Current secure deletion methods do not work State of the art  Optimistic system-wide.

Full-Datapath Secure Deletion Sarah Diesburg 1. Overview Problem  Current secure deletion methods do not work State of the art  Optimistic system-wide.
What You Will Learn Components of a computer’s system software The importance of an operating system Functions of an operating system Types of user interfaces.

What You Will Learn Components of a computer’s system software The importance of an operating system Functions of an operating system Types of user interfaces.
Exploring the UNIX File System and File Security

Exploring the UNIX File System and File Security
Handheld TFTP Server with USB Andrew Pangborn Michael Nusinov RIT Computer Engineering – CE Design 03/20/2008.

Handheld TFTP Server with USB Andrew Pangborn Michael Nusinov RIT Computer Engineering – CE Design 03/20/2008.
File Management Systems

File Management Systems
Accurate and Efficient Replaying of File System Traces Nikolai Joukov, TimothyWong, and Erez Zadok Stony Brook University (FAST 2005) USENIX Conference.

Accurate and Efficient Replaying of File System Traces Nikolai Joukov, TimothyWong, and Erez Zadok Stony Brook University (FAST 2005) USENIX Conference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.

Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.
Operating Systems.

Operating Systems.
Instructions Slides 3,4,5 are general questions that you should be able to answer. Use slides 6-27 to answer the questions. Write your answers in a separate.

Instructions Slides 3,4,5 are general questions that you should be able to answer. Use slides 6-27 to answer the questions. Write your answers in a separate.
An Introduction to Device Drivers Sarah Diesburg COP 5641 / CIS 4930.

An Introduction to Device Drivers Sarah Diesburg COP 5641 / CIS 4930.
File System. NET+OS 6 File System Architecture Design Goals File System Layer Design Storage Services Layer Design RAM Services Layer Design Flash Services.

File System. NET+OS 6 File System Architecture Design Goals File System Layer Design Storage Services Layer Design RAM Services Layer Design Flash Services.
Data Deletion and Recovery. Data Deletion  What does data deletion mean in your own words?

Data Deletion and Recovery. Data Deletion  What does data deletion mean in your own words?
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Computer Organization Review and OS Introduction CS550 Operating Systems.

Computer Organization Review and OS Introduction CS550 Operating Systems.
Chapter 10 Storage and File Structure Yonsei University 2 nd Semester, 2013 Sanghyun Park.

Chapter 10 Storage and File Structure Yonsei University 2 nd Semester, 2013 Sanghyun Park.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
Lecture 2 “Structure of computer” Informatics. Computer is  general purpose device that can be programmed to carry out a set of arithmetic or logical.

Lecture 2 “Structure of computer” Informatics. Computer is  general purpose device that can be programmed to carry out a set of arithmetic or logical.

Similar presentations

Ads by Google