Design and Implementation of a Self-Securing Storage Device (CMU-CS-00-129)

نویسندگان

  • John D. Strunk
  • Garth R. Goodson
  • Michael L. Scheinholtz
  • Gregory R. Ganger
  • Craig A.N. Soules
چکیده

Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially compromised host operating systems. Within the window, system administrators are guaranteed to have this valuable information for intrusion diagnosis and recovery. The S4 implementation combines log-structuring with novel metadata journaling and data replication techniques to minimize the performance costs of comprehensive versioning. Experiments show that self-securing storage devices can deliver performance that is comparable with conventional storage. Further, analyses indicate that several weeks worth of all versions can reasonably be kept on state-of-the-art disks, especially when di erencing and compression technologies are employed. The authors would like to thank the member companies of the Parallel Data Consortium (CLARiiON Array Development, EMC Corporation, Hewlett-Packard Labs, Hitachi, In neon Technologies, Intel Corporation, LSI Logic, MTI Technology Corporation, Novell, Inc., PANASAS, L.L.C., Procom Technology, Quantum Corporation, Seagate Technology, Sun Microsystems, Veritas Software Corporation, and 3Com Corporation). The authors also thank IBM Corporation and CMU's Data Storage Systems Center for their support of this project.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Enabling Dynamic Security Management of via Device-Embedded Security (CMU-CS-00-174)

This report contains the technical content of a recent funding proposal. In it, we propose a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources. Together with conventional border defenses (e.g., firewalls and OS kernels), such self-securing devices could provide a flexible infrastructure for dynamic preventio...

متن کامل

A Human Organization Analogy for Self-* Systems (CMU-CS-03-129)

The structure and operation of human organizations, such as corporations, offer useful insights to designers of selfsystems (a.k.a. self-managing or autonomic). Examples include worker/supervisor hierarchies, avoidance of micro-management, and complaint-based tuning. This paper explores the analogy, and describes the design of a selfstorage system that borrows from it.

متن کامل

Self-* Storage: Brick-based Storage with Automated Administration (CMU-CS-03-178)

This white paper describes a new project exploring the design and implementation of “self-* storage systems:” self-organizing, self-configuring, self-tuning, self-healing, self-managing systems of storage bricks. Borrowing organizational ideas from corporate structure and automation technologies from AI and control systems, we hope to dramatically reduce the administrative burden currently face...

متن کامل

Design and implementation of a self-securing storage device

Self-securing storage prevents intruders from undetectably tampering with or permanently deleting stored data. To accomplish this, self-securing storage devices internally audit all requests and keep all versions of all data for a window of time, regardless of the commands received from potentially compromised host operating systems. Within the window, system administrators are guaranteed to ha...

متن کامل

Intrusion Detection, Diagnosis, and Recovery with Self-Securing Storage (CMU-CS-02-140)

Self-securing storage turns storage devices into active parts of an intrusion survival strategy. From behind a thin storage interface (e.g., SCSI or CIFS), a self-securing storage server can watch storage requests, keep a record of all storage activity, and prevent compromised clients from destroying stored data. This paper describes three ways selfsecuring storage enhances an administrator’s a...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2015