Carnegie Mellon University Technical Report CMU-CS-00-129, May 2000.
John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A.N. Soules, Gregory R. Ganger
Dept. of Electrical and Computer Engineering
Carnegie Mellon University
Pittsburgh, PA 15213
http://www.pdl.cmu.edu/
Self-securing storage prevents intruders from undetectably tampering
with or permanently deleting stored data. To accomplish this, self-securing
storage devices internally audit all requests and keep all versions
of all data for a window of time, regardless of the commands received
from potentially-compromised host operating systems. Within the window,
system administrators have this valuable information for intrusion diagnosis
and recovery. The S4 implementation combines log-structuring with novel
metadata journaling and data replication techniques to minimize the
performance costs of comprehensive versioning. Experiments show that
self-securing storage devices can deliver performance that is comparable
with conventional storage. Further, analyses indicate that several weeks
worth of all versions can reasonably be kept on state-of-the-art disks,
especially when differencing and compression technologies are employed.
FULL PAPER: pdf / postscript