Adding Secure Deletion to Your Favorite File System

  • Authors:

  • Nikolai Joukov;Erez Zadok

  • Affiliations:

  • Stony Brook University;Stony Brook University

  • Venue:
  • SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

Files or even their names often contain confidential or secret information. Most users believe that such information is erased as soon as they delete a file. Even those who knowthat this is not true often ignore the issue. Nevertheless, recovering deleted files is trivial and can be performed even by novice hackers. The problem is exacerbated by the widespread of portable and mobile storage devices. This type of unwanted after-deletion data recovery is in part an education problem. Users believe that deleted files are erased, even though they are not. Retraining and educating users is difficult. Therefore, storage systems should behave appropriately - the data should be erased from the storage on a per-delete basis. We found that existing solutions are either inconvenient, inefficient, or insecure. We have designed Purgefs: a file system extension that transparently overwrites files on the per-delete basis. Purgefs can be automatically added to a number of existing and future file systems, including networked and stackable file systems. Purgefs supports multiple policies to trade-off performance with the level of purging guarantees. We demonstrate that Purgefs does not add overheads or perturb users' activity under typical user workloads.