Design and Implementation of a Self-Securing Storage Device (CMU-CS-00-129)
journal contributionposted on 01.05.2000, 00:00 by John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A,B. Soules, Gregory R. Ganger
Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially-compromised host operating systems. Within the window, system administrators have this valuable information for intrusion diagnosis and recovery. The S4 implementation combines log-structuring with novel metadata journaling and data replication techniques to minimize the performance costs of comprehensive versioning. Experiments show that self-securing storage devices can deliver performance that is comparable with conventional storage. Further, analyses indicate that several weeks worth of all versions can reasonably be kept on state-of-the-art disks, especially when differencing and compression technologies are employed.