
About this book

This book is the first to develop a systematized approach for the comparison and evaluation of secure deletion solutions. The book focuses on novel secure deletion solutions targeting specific real-world environments where secure deletion is problematic: mobile storage and remote storage. The author surveys related work, organizes existing solutions in terms of their interfaces, presents a taxonomy of adversaries differing in their capabilities, and then builds a system and adversarial model based on the survey of related work.

The book is useful both for academics, researchers and graduate students and for practitioners who may integrate its results into deployed systems.

Table of contents

Frontmatter

Introduction and Background

Frontmatter

Chapter 1. Introduction

Abstract
This chapter explains the scope, motivation and structure of the book.
Joel Reardon

Chapter 2. Related Work on Secure Deletion

Abstract
This chapter surveys related work and organizes existing solutions in terms of their interfaces. The chapter further presents a taxonomy of adversaries differing in their capabilities as well as a systematization of the characteristics of secure deletion solutions. Characteristics include environmental assumptions and behavioural properties of the solution.
Joel Reardon

Chapter 3. System Model and Security Goal

Abstract
This chapter builds a system and adversarial model based on the survey of related work. This is the model that we use throughout this book. It also presents different types of storage media and illustrates the adversary’s abilities and the user’s goal.
Joel Reardon

Secure Deletion for Mobile Storage

Frontmatter

Chapter 4. Flash Memory: Background and Related Work

Abstract
This chapter opens the part on secure deletion for mobile storage. It first presents details on the characteristics of flash memory, which is currently ubiquitously used in portable storage devices. Flash memory has the problem that the unit of erasure is much larger than the unit of read and write, and worse, erasure is expensive. It then presents related work for flash memory as well as generalizations of this erasure asymmetry to other kinds of media.
Joel Reardon

Chapter 5. User-Level Secure Deletion on Log-Structured File Systems

Abstract
This chapter presents our research into user-level secure deletion for flash memory, with a concrete example of an Android-based mobile phone. We show that these systems provide no timely data deletion, and that the time data remains increases with the storage medium’s size. We propose two user-level solutions that achieve secure deletion as well as a hybrid of them, which guarantees periodic, prompt secure data deletion regardless of the storage medium’s size. We also develop a model of the writing behaviour on a mobile device that we use to quantify our solution’s performance.
Joel Reardon

Chapter 6. Data Node Encrypted File System

Abstract
This chapter presents DNEFS, a file system change that provides fine-grained secure data deletion and is particularly suited to flash memory. DNEFS encrypts each individual data item and colocates all the encryption keys in a densely packed key storage area. DNEFS is efficient in flash memory erasures because the expensive erasure operation is only needed for the key storage area.
Joel Reardon

Chapter 7. UBIFSec: Adding DNEFS to UBIFS

Abstract
This chapter presents UBIFSec, an implementation of DNEFS with the flash file system UBIFS. We describe our implementation and furthermore integrate UBIFSec in the Android operating system. We measure its performance and show that it is a usable and efficient solution. Android OS and applications run normally when using UBIFSec as the file system.
Joel Reardon

Secure Deletion for Remote Storage

Frontmatter

Chapter 8. Cloud Storage: Background and Related Work

Abstract
This chapter begins the part on secure deletion for remote storage. We present details on the characteristics of persistent storage, a model of a storage medium that is unable to provide any secure deletion of its stored data. After motivating its suitability for modelling remote storage, the chapter then presents a range of related work on the topic of secure deletion for persistently stored data when the user has access to a secondary securely deleting storage medium.
Joel Reardon

Chapter 9. Secure Data Deletion from Persistent Media

Abstract
This chapter presents a general approach to the design and analysis of secure deletion for persistent storage that relies on encryption and key wrapping. It defines a key disclosure graph that models the adversarial knowledge over a history of key generation and wrapping. We define a generic update function, expressed as a graph mutation for the key disclosure graph, and prove that this update function achieves secure deletion. Instances of the update function implement the update behaviour of all tree-like data structures including B-Trees, extendible hash tables, linked lists, and others.
Joel Reardon

Chapter 10. B-Tree-Based Secure Deletion

Abstract
This chapter presents a securely deleting data structure using insights from the previous chapter. It uses a B-Tree-based data structure to provide secure deletion. We implement our design in full and analyze its performance, finding that its communication and storage overhead is small.
Joel Reardon

Chapter 11. Robust Key Management for Secure Data Deletion

Abstract
This chapter considers the problem of an unreliable securely deleting storage medium, that is, one that may lose data, expose data, fail to delete data, and fail to be available. We build a robust fault-tolerant system that uses multiple unreliable storage media. The system permits multiple clients to store securely deletable data and provides a means to control policy aspects of its storage and deletion. It presents details on the implementation both of the distributed securely deleting medium as well as a file system extension that uses it. The solution has low latency at high loads and requires only a small amount of communication among nodes.
Joel Reardon

Conclusions

Frontmatter

Chapter 12. Conclusion and Future Work

Abstract
This chapter is the concluding part of this book. We review our contributions and integrate them into our systematization. We present some related and complementary lines of research that fall outside our scope but are still worth discussing. We then outline avenues for future research. Finally, we draw conclusions and summarize our work.
Joel Reardon

Backmatter
