Self-Securing Storage: Protecting Data in Compromised Systems

John Strunk, Garth Goodson, Michael Scheinholtz, Craig Soules, Gregory Ganger
Carnegie Mellon University
http://www.pdl.cs.cmu.edu/PDL-FTP/Storage/s4_abs.html

Problems:

Self-securing storage: Intrusion diagnosis implies: Recovery implies one of the two:

Self-Securing Storage

Intrusion detection is easy because audit logs cannot be tampered with.
Device security perimeter = self-contained software that exports a simple storage interface and verifies each command's integrity before processing it.
History pool = keeps old versions of objects (a separate version for every modification)
2 problems: Solutions: Access control:

S4 - Implementation

Objects live in a flat namespace managed by the "drive" (i.e. object store). Each object gets a unique ID from the drive upon creation. Each object has an access control structure.
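The history pool and audit log described under "Self-Securing Storage", together with the flat namespace, drive-assigned IDs and per-object access control described here, can be modelled in a few lines. This is an added example, not code from the paper or from S4: `ToyDrive`, the principal names, the set-based ACL and the logical sequence numbers are assumptions made for illustration.

```python
import itertools

class ToyDrive:
    """Toy model of a self-securing object store (not the S4 interface)."""

    def __init__(self):
        self._objects = {}              # flat namespace: object ID -> {"acl", "versions"}
        self._ids = itertools.count(1)  # IDs are chosen by the drive, not the client
        self._seq = itertools.count(1)  # logical clock shared by log and versions
        self._audit = []                # append-only; no command edits or truncates it

    def _authorize(self, who, op, oid):
        obj = self._objects.get(oid)
        ok = obj is not None and who in obj["acl"]
        seq = next(self._seq)
        self._audit.append((seq, who, op, oid, ok))  # denied requests are logged too
        if not ok:
            raise PermissionError(f"{op} on object {oid} denied for {who}")
        return obj, seq

    def create(self, who):
        oid = next(self._ids)
        self._objects[oid] = {"acl": {who}, "versions": []}
        self._audit.append((next(self._seq), who, "create", oid, True))
        return oid

    def write(self, who, oid, data):
        obj, seq = self._authorize(who, "write", oid)
        obj["versions"].append((seq, bytes(data)))  # new version, old ones kept
        return seq

    def read(self, who, oid, as_of=None):
        obj, _ = self._authorize(who, "read", oid)
        seen = [d for s, d in obj["versions"] if as_of is None or s <= as_of]
        return seen[-1] if seen else b""

    def audit_log(self):
        return tuple(self._audit)  # callers get a copy, never the live list


def demo():
    drive = ToyDrive()
    oid = drive.create("alice")
    clean = drive.write("alice", oid, b"known-good contents")
    drive.write("alice", oid, b"tampered contents")  # e.g. via a compromised client
    return drive, oid, clean

if __name__ == "__main__":
    drive, oid, clean = demo()
    print(drive.read("alice", oid, as_of=clean), drive.audit_log())
```

Reading with `as_of` set to the sequence number of the last trusted write returns the pre-tampering version, and the log shows which principal issued each later command.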
Goals of S4: Structure of S4:

Experiments

Implications