Design and Implementation of a Self-Securing Storage Device (CMU-CS-00-129)
journal contributionposted on 01.05.2000 by John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A,B. Soules, Gregory R. Ganger
Any type of content formally published in an academic journal, usually following a peer-review process.
Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially-compromised host operating systems. Within the window, system administrators have this valuable information for intrusion diagnosis and recovery. The S4 implementation combines log-structuring with novel metadata journaling and data replication techniques to minimize the performance costs of comprehensive versioning. Experiments show that self-securing storage devices can deliver performance that is comparable with conventional storage. Further, analyses indicate that several weeks worth of all versions can reasonably be kept on state-of-the-art disks, especially when differencing and compression technologies are employed.