lawrence-kelley-maxwell
The Problem
Most users believe that files cannot be retrieved once:
- Files are no longer visible
- The trashcan is emptied
- The partition is formatted
In reality, only the link to the file is deleted
- The actual data remains
What is Secure Deletion?
Secure deletion means rendering files completely irrecoverable
- No forensic analysis should be able to recover data from media
Secure Deletion Complications
Flash electronic storage can make it nearly impossible to erase files
Flash Characteristics
Locations must first be erased before new data can be written
- But it can take a while to erase a location
Locations can only be written or erased a small number of times
The flash solution is to rotate locations for writes.
Flash Write Behavior
Flash management software rotates the usage of locations
[Figure: the operating system writes gibberish to location 2 of a flash device with locations 1 to 7]
Overwrites go to a new location instead of the original block
- Dead data is left behind until that location is erased
Is this a problem?
Raw flash chips can be removed and placed in a reader
[Figure: removal via hot air; universal chip reader]
We must somehow erase sensitive data!
Achieving Secure Deletion
Need to send erase command to flash to erase sensitive information
- Flash has no information about the security of the file – only the file system knows this
- Currently, file systems only understand read and write commands, not erase commands
TrueErase Components
1. Centralized module that passes secure deletion information from file system to lower layers
2. Extension to storage block layer to take advantage of above information
   - Issue secure overwrite command
   - Call storage-specific secure deletion command
TrueErase Datapath View
[Figure: datapath diagram. Layers: Applications (user), File System, Block Layer, Storage (kernel). Labels: Secure Deletion Module; Block # (Add); Block # (Check); Secure delete commands]
TrueErase Flash Behavior
We can now tell the flash to erase locations
[Figure: the operating system sends "Securely delete 2" to a flash device with locations 1 to 7; the flash responds "Erase!"]
The location can be securely deleted!
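The overwrite and erase behaviour from the slides above, as an added toy simulation (not TrueErase code and not part of the original deck). The `ToyFlash` class, its `erase` command, and the `secure_blocks` set standing in for the secure deletion module are assumptions made for illustration.

```python
# Constructed toy model of the slides' flash behaviour; not TrueErase code.
ERASED = None

class ToyFlash:
    """Seven physical locations; writes rotate to the next erased one."""
    def __init__(self, n=7):
        self.cells = [ERASED] * n      # physical locations
        self.mapping = {}              # logical block -> physical location
        self.cursor = 0                # rotation pointer

    def write(self, block, data):
        for i in range(len(self.cells)):
            loc = (self.cursor + i) % len(self.cells)
            if self.cells[loc] is ERASED:   # must be erased before writing
                break
        else:
            raise RuntimeError("no erased location left")
        self.cells[loc] = data
        self.cursor = (loc + 1) % len(self.cells)
        self.mapping[block] = loc      # the old location keeps its dead data

    def read(self, block):
        return self.cells[self.mapping[block]]

    def erase(self, block):
        # Hypothetical storage-specific erase command for one block
        self.cells[self.mapping.pop(block)] = ERASED

    def raw_dump(self):
        # Everything a chip reader would see, live or dead
        return [c for c in self.cells if c is not ERASED]

def delete(flash, secure_blocks, block):
    """Block-layer delete: check the module's set, then erase or overwrite."""
    if block in secure_blocks:          # "Check": file system flagged this block
        flash.erase(block)
        secure_blocks.discard(block)
    else:
        flash.write(block, b"O(\\ks@")  # read/write-only path: gibberish

def demo(flagged):
    flash, secure_blocks = ToyFlash(), set()
    flash.write(2, b"secret")
    if flagged:
        secure_blocks.add(2)            # "Add": file system marks block 2
    delete(flash, secure_blocks, 2)
    return flash.raw_dump()

if __name__ == "__main__":
    print(demo(flagged=False))   # dead copy of the secret survives the overwrite
    print(demo(flagged=True))    # location erased, nothing left to dump
```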
Why is this challenging?
Flash management not easily changeable
- Performance implications
- Rotating the right locations
File systems not designed for erase
- Backward compatibility issues
Handling crashes during secure deletion
- Correctness issues
Current Development – TrueErase
Programming complete prototype
- Fixing final bugs
- Expected to be done for conference paper submission in early January