ABSTRACT
The ability to securely delete sensitive data from electronic storage is increasingly important. However, current per-file secure-deletion solutions tend to cover only a segment of the operating system's storage data path, or are specific to particular file systems or storage media.
This paper introduces TrueErase, a holistic secure-deletion framework. Through its design, implementation, verification, and evaluation, TrueErase shows that it is possible to build a legacy-compatible framework spanning the full storage data path that performs per-file secure deletion, works with common file systems and solid-state storage, and handles common system failures. In addition, the framework can serve as a building block for encryption- and tainting-based secure-deletion systems.
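The abstract's point that a deletion mechanism confined to one segment of the data path is not enough is easiest to see on flash. The toy model below is an added illustration, not TrueErase's code or design: a minimal file system sits on a flash translation layer (FTL) that writes out of place, as NAND SSDs do. A file-level overwrite (shred-style) only makes the FTL program new pages, so the original plaintext page survives until something at the device layer erases it; only when the per-file delete intent travels down to the FTL (modelled here by a hypothetical `sanitize` primitive) is every physical copy gone. The page size, the absence of wear levelling and garbage collection, and the sample record are all assumptions made for the illustration.

```python
"""Toy storage data path: file system over an out-of-place FTL.
Constructed illustration, not TrueErase's code, of why a file-level
overwrite does not sanitize flash and why the delete intent must
reach the device layer."""

from dataclasses import dataclass, field

PAGE = 16                   # bytes per flash page (assumed; tiny for illustration)
ERASED = b"\xff" * PAGE     # NAND reads as all ones after an erase


@dataclass
class ToyFTL:
    """Logical block (LBA) -> physical page (PPN). Simplified: no wear
    levelling or garbage collection, so stale pages remain readable."""
    n_pages: int = 64
    pages: list = field(default_factory=list)
    l2p: dict = field(default_factory=dict)     # live mapping LBA -> PPN
    stale: dict = field(default_factory=dict)   # PPN -> LBA it used to hold
    free: list = field(default_factory=list)

    def __post_init__(self) -> None:
        self.pages = [ERASED] * self.n_pages
        self.free = list(range(self.n_pages))

    def write(self, lba: int, data: bytes) -> int:
        """Program a fresh page; the old page for this LBA is only marked stale."""
        assert len(data) == PAGE
        ppn = self.free.pop(0)
        self.pages[ppn] = data
        if lba in self.l2p:
            self.stale[self.l2p[lba]] = lba
        self.l2p[lba] = ppn
        return ppn

    def trim(self, lba: int) -> None:
        """Ordinary discard: drop the mapping, keep the page contents."""
        if lba in self.l2p:
            self.stale[self.l2p.pop(lba)] = lba

    def sanitize(self, lba: int) -> int:
        """Hypothetical per-LBA sanitize: erase the live page and every stale
        page that ever held this LBA. Returns the number of pages erased."""
        victims = [p for p, l in self.stale.items() if l == lba]
        if lba in self.l2p:
            victims.append(self.l2p.pop(lba))
        for p in victims:
            self.pages[p] = ERASED
            self.stale.pop(p, None)
            self.free.append(p)
        return len(victims)

    def residue(self, needle: bytes) -> list:
        """Forensic (chip-off) view: physical pages still holding `needle`."""
        return [p for p, d in enumerate(self.pages) if needle in d]


@dataclass
class ToyFS:
    """Minimal file system: name -> list of LBAs, one page per block."""
    ftl: ToyFTL
    files: dict = field(default_factory=dict)
    next_lba: int = 0

    def create(self, name: str, content: bytes) -> None:
        lbas = []
        for i in range(0, len(content), PAGE):
            self.ftl.write(self.next_lba, content[i:i + PAGE].ljust(PAGE, b"\0"))
            lbas.append(self.next_lba)
            self.next_lba += 1
        self.files[name] = lbas

    def unlink(self, name: str) -> None:
        """rm: free the blocks, overwrite nothing."""
        for lba in self.files.pop(name):
            self.ftl.trim(lba)

    def shred(self, name: str, passes: int = 3) -> None:
        """shred(1)-style: overwrite each block at the file-system layer, then
        unlink. The FTL turns every pass into a new page; the first survives."""
        for lba in self.files[name]:
            for _ in range(passes):
                self.ftl.write(lba, b"\0" * PAGE)   # overwrite pattern is irrelevant here
        self.unlink(name)

    def secure_unlink(self, name: str) -> int:
        """Full-data-path delete: the per-file intent is carried to the FTL,
        which erases all physical copies. Returns pages erased."""
        return sum(self.ftl.sanitize(lba) for lba in self.files.pop(name))


def secret_survives(method: str) -> bool:
    """Create one sensitive file, delete it with `method` ('unlink', 'shred'
    or 'secure'), and report whether the plaintext is still on the flash."""
    secret = b"SSN=123-45-6789!"          # constructed 16-byte record, one page
    ftl = ToyFTL()
    fs = ToyFS(ftl)
    fs.create("record.txt", secret)
    {"unlink": fs.unlink, "shred": fs.shred,
     "secure": fs.secure_unlink}[method]("record.txt")
    return bool(ftl.residue(secret))


if __name__ == "__main__":
    for m in ("unlink", "shred", "secure"):
        print(f"{m:7s} -> secret recoverable from flash: {secret_survives(m)}")
```

Running the script shows the secret recoverable after both `unlink` and `shred` and gone only after `secure`. Real SSDs add garbage collection and wear levelling, which move data around without the host's knowledge, so the gap between a logical overwrite and physical erasure is wider than this model, not narrower.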
TrueErase: per-file secure deletion for the storage data path