Design and Implementation of a Self-Securing Storage Device
Carnegie Mellon University Technical Report CMU-CS-00-129, May 2000.
John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A.N. Soules, Gregory R. Ganger
Dept. of Electrical and Computer Engineering
Carnegie Mellon University
Pittsburgh, PA 15213
Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially-compromised host operating systems. Within the window, system administrators have this valuable information for intrusion diagnosis and recovery. The S4 implementation combines log-structuring with novel metadata journaling and data replication techniques to minimize the performance costs of comprehensive versioning. Experiments show that self-securing storage devices can deliver performance that is comparable with conventional storage. Further, analyses indicate that several weeks worth of all versions can reasonably be kept on state-of-the-art disks, especially when differencing and compression technologies are employed.