|   | CMU-CS-00-129 Computer Science Department
 School of Computer Science, Carnegie Mellon University
 
    
     
 CMU-CS-00-129
 
Design and Implementation of a Self-Securing Storage Device 
John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A.N. Soules, Gregory R. Ganger
 
May 2000  
CMU-CS-00-129.psCMU-CS-00-129.pdf
 Keywords: Security, survivability, intrusion tolerance, storage
systems, network-attached storage
 Self-securing storage prevents intruders from undetectably tampering with
or permanently deleting stored data. To accomplish this, self-securing 
storage devices internally audit all requests and keep all versions of all
data for a window of time, regardless of the commands received from 
potentially-compromised host operating systems. Within the window, system 
administrators have this valuable information for intrusion diagnosis and 
recovery. The S4 implementation combines log-structuring with novel
metadata journaling and data replication techniques to minimize the
performance costs of comprehensive versioning. Experiments show that
self-securing storage devices can deliver performance that is comparable
with conventional storage. Further, analyses indicate that several weeks
worth of all versions can reasonably be kept on state-of-the-art disks, 
especially when differencing and compression technologies are employed.
 
32 pages 
 |