Computer Science Department
School of Computer Science, Carnegie Mellon University


Design and Implementation of a Self-Securing Storage Device

John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz,
Craig A.N. Soules, Gregory R. Ganger

May 2000

Keywords: Security, survivability, intrusion tolerance, storage systems, network-attached storage

Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially-compromised host operating systems. Within the window, system administrators have this valuable information for intrusion diagnosis and recovery. The S4 implementation combines log-structuring with novel metadata journaling and data replication techniques to minimize the performance costs of comprehensive versioning. Experiments show that self-securing storage devices can deliver performance that is comparable with conventional storage. Further, analyses indicate that several weeks worth of all versions can reasonably be kept on state-of-the-art disks, especially when differencing and compression technologies are employed.

32 pages

Return to: SCS Technical Report Collection
School of Computer Science homepage

This page maintained by