skip to main content
10.1145/1179559.1179571acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
Article

Secure deletion myths, issues, and solutions

Published: 30 October 2006 Publication History

Abstract

This paper has three goals. (1) We try to debunk several held misconceptions about secure deletion: that encryption is an ideal solution for everybody, that existing data-overwriting tools work well, and that securely deleted files must be overwritten many times. (2) We discuss new and important issues that are often neglected: secure deletion consistency in case of power failures, handling versioning and journalling file systems, and metadata overwriting. (3) We present two solutions for on-demand secure deletion. First, we have created a highly portable and flexible system that performs only the minimal amount of work in kernel mode. Second, we present two in-kernel solutions in the form of Ext3 file system patches that can perform comprehensive data and metadata overwriting. We evaluated our proposed solutions and discuss the trade-offs involved.

References

[1]
S. Bauer and N.B. Priyantha. Secure Data Deletion for Linux File Systems. In Proceedings of the 10th Usenix Security Symposium, pages 153--164, Washington, DC, August 2001. USENIX Association.
[2]
H. Berghel and D. Hoelzer. Disk wiping by any other name. Communications of the ACM, 49(8):17--21, August 2006.
[3]
D. Boneh and R. Lipton. A Revocable Backup System. In Proceedings of the Sixth USENIX UNIX Security Symposium, pages 91--96, San Jose, CA, July 1996. USENIX Association.
[4]
M. Cao, T.Y. Tso, B. Pulavarty, S. Bhattacharya, A. Dilger, and A. Tomas. State of the art: Where we are with the ext3 filesystem. In Proceedings of the Linux Symposium, Ottawa, ON, Canada, July 2005.
[5]
J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding Data Lifetime via Whole System Simulation. In Proceedings of the 13th USENIX Security Conference, pages 321--336, San Diego, CA, August 2004. USENIX Association.
[6]
T.J. Fitzgerald. Deleted but Not Gone. New York Times, November 2005.
[7]
Free Downloads Center. Linux Disk DoD. www.freedownloadscenter.com/Best/linux-disk-dod.html.
[8]
T. Grance, M. Stevens, and M. Myers. Guide to Selecting Information Security Products, chapter 5.9: Media Sanitizing. National Institute of Standards and Technology (NIST), October 2003.
[9]
P. Gutmann. Secure Deletion of Data from Magnetic and Solid-State Memory. In Proceedings of the Sixth USENIX UNIX Security Symposium, pages 77--90, San Jose, CA, July 1996. USENIX Association.
[10]
R. Hasan, S. Myagmar, A. Lee, and W. Yurcik. Toward a Threat Model for Storage Systems. In Proceedings of the First ACMWorkshop on Storage Security and Survivability (StorageSS 2005), pages 94--102, FairFax, VA, November 2005. ACM.
[11]
G. Hughes. CMRR Protocols for Disk Drive Secure Erase. Technical report, Center for Magnetic Recording Research, University of California, San Diego, October 2004. http://cmrr.ucsd.edu/Hughes/CmrrSecureEraseProtocols.pdf.
[12]
N. Joukov. Patch: Secure Deletion Functionality in Ext3. http://lwn.net/Articles/171924/, February 2006.
[13]
N. Joukov and E. Zadok. Adding Secure Deletion to Your Favorite File System. In Proceedings of the third international IEEE Security In Storage Workshop (SISW 2005), San Fransisco, CA, December 2005. IEEE Computer Society.
[14]
J. Katcher. PostMark: A New Filesystem Benchmark. Technical Report TR3022, Network Appliance, 1997. www.netapp.com/tech library/3022.html.
[15]
I. Mayergoyz, C. Seprico, C. Krafft, and C. Tse. Magnetic Imaging on a Spin-Stand. Journal of Applied Physics, 87 9):6824--6826, May 2000.
[16]
K. Muniswamy-Reddy, C.P. Wright, A. Himmer, and E. Zadok. A Versatile and User-Oriented Versioning File System. In Proceedings of the Third USENIX Conference on File and Storage Technologies (FAST 2004), pages 115--128, San Francisco, CA, March/April 2004. USENIX Association.
[17]
J.S. Pendry, N. Williams, and E. Zadok. Amutils User Manual, 6.1b3 edition, July 2003. www.am-utils.org.
[18]
R. Perlman. Secure Deletion of Data. In Proceedings of the third international IEEE Security In Storage Workshop (SISW 2005), San Fransisco, CA, December 2005. IEEE Computer Society.
[19]
Z.N.J. Peterson, R. Burns, A. Stubblefield J. Herring, and A.D. Rubin. Secure Deletion for a Versioning File System. In Proceedings of the Fourth USENIX Conference on File and Storage Technologies (FAST '05), pages 143--154, San Francisco, CA, December 2005. USENIX Association.
[20]
C. Plumb. shred(1) - delete a file securely, first overwriting it to hide its contents. Free Software Foundation, August 2004.
[21]
J. Rosenbaum. In Defence of the DELETE Key. The Green Bag, 3(4), Summer 2000. www.greenbag.org/rosenbaum deletekey.pdf.
[22]
P. Sarbanes and M.G. Oxley. Sarbanes-Oxley Act of 2002. U.S. Government Printing Office, July 2002.
[23]
Defense Security Service. National Industrial Security Program Operating Manual (NISPOM), chapter 8: Automated Information System Security. U.S. Government Printing Office, January 1995.
[24]
C.H. Sobey. Recovering Unrecoverable Data: The Need for Drive-Independent Data Recovery. Technical report, Action Front Data Recovery Labs, Inc., April 2004.
[25]
C.P. Wright, J. Dave, and E. Zadok. Cryptographic File Systems Performance: What You Don't Know Can Hurt You. In Proceedings of the Second IEEE International Security In Storage Workshop (SISW 2003), pages 47--61, Washington, DC, October 2003. IEEE Computer Society.
[26]
E. Zadok, R. Iyer, N. Joukov, G. Sivathanu, and C.P. Wright. On Incremental File System Development. ACM Transactions on Storage (TOS), 2(2):161--196, May 2006.
[27]
E. Zadok and J. Nieh. FiST: A Language for Stackable File Systems. In Proc. of the Annual USENIX Technical Conference, pages 55--70, San Diego, CA, June 2000. USENIX Association.
[28]
Q. Zhu and W.W. Hsu. Fossilized index: The linchpin of trustworthy non-alterable electronic records. In Proceedings of the ACM SIGMOD Conference, pages 395--406, June 2005.

Cited By

View all
  • (2024)Optimizing Secure Deletion in Interlaced Magnetic Recording With Move-on-Cover ApproachIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.338734143:10(2972-2977)Online publication date: Oct-2024
  • (2023)Metrics for Sustainability in Data CentersACM SIGEnergy Energy Informatics Review10.1145/3630614.36306223:3(40-46)Online publication date: 25-Oct-2023
  • (2022)Forensic analysis of image deletion applicationsMultimedia Tools and Applications10.1007/s11042-021-11619-z81:14(19559-19586)Online publication date: 16-Feb-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
StorageSS '06: Proceedings of the second ACM workshop on Storage security and survivability
October 2006
94 pages
ISBN:1595935525
DOI:10.1145/1179559
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. file systems
  2. secure deletion
  3. security
  4. unintended data recovery

Qualifiers

  • Article

Conference

CCS06
Sponsor:

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)14
  • Downloads (Last 6 weeks)5
Reflects downloads up to 17 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Optimizing Secure Deletion in Interlaced Magnetic Recording With Move-on-Cover ApproachIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.338734143:10(2972-2977)Online publication date: Oct-2024
  • (2023)Metrics for Sustainability in Data CentersACM SIGEnergy Energy Informatics Review10.1145/3630614.36306223:3(40-46)Online publication date: 25-Oct-2023
  • (2022)Forensic analysis of image deletion applicationsMultimedia Tools and Applications10.1007/s11042-021-11619-z81:14(19559-19586)Online publication date: 16-Feb-2022
  • (2021)A NetLogo Extension to Secure Data Using GNUs Pretty Good Privacy Software SuiteAdvances in Social Simulation10.1007/978-3-030-61503-1_30(299-312)Online publication date: 27-Apr-2021
  • (2019)Secure Data Deduplication with Reliable Data Deletion in CloudInternational Journal of Foundations of Computer Science10.1142/S012905411940012430:04(551-570)Online publication date: 2-Jul-2019
  • (2019)Achieving Efficient and Verifiable Assured Deletion for Outsourced Data Based on Access Right RevocationCryptology and Network Security10.1007/978-3-030-31578-8_22(392-411)Online publication date: 11-Oct-2019
  • (2019)Confidentiality of Data in the CloudSecurity, Privacy, and Digital Forensics in the Cloud10.1002/9781119053385.ch3(51-80)Online publication date: 8-Feb-2019
  • (2018)Ensuring data confidentiality via plausibly deniable encryption and secure deletion – a surveyCybersecurity10.1186/s42400-018-0005-81:1Online publication date: 5-Jun-2018
  • (2018)Eraser: Your Data Won't Be Back2018 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP.2018.00019(153-166)Online publication date: Apr-2018
  • (2017)A method and implementation for the empirical study of deleted file persistence in digital devices and media2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC)10.1109/CCWC.2017.7868431(1-7)Online publication date: Jan-2017
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media