TY - GEN
T1 - Evanesco
T2 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2020
AU - Kim, Myungsuk
AU - Park, Jisung
AU - Cho, Geonhee
AU - Kim, Yoona
AU - Orosa, Lois
AU - Mutlu, Onur
AU - Kim, Jihong
N1 - Publisher Copyright:
© 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2020/3/9
Y1 - 2020/3/9
N2 - As data privacy and security rapidly become key requirements, securely erasing data from a storage system becomes as important as reliably storing data in the system. Unfortunately, in modern flash-based storage systems, it is challenging to irrecoverably erase (i.e., sanitize) a file without large performance or reliability penalties. In this paper, we propose Evanesco, a new data sanitization technique specifically designed for high-density 3D NAND flash memory. Unlike existing techniques that physically destroy stored data, Evanesco provides data sanitization by blocking access to stored data. By exploiting existing spare flash cells in the flash memory chip, Evanesco efficiently supports two new flash lock commands (pLock and bLock) that disable access to deleted data at both page and block granularities. Since the locked page (or block) can be unlocked only after its data is erased, Evanesco provides a strong security guarantee even against an advanced threat model. To evaluate our technique, we build SecureSSD, an Evanesco-enabled emulated flash storage system. Our experimental results show that SecureSSD can effectively support data sanitization with a small performance overhead and no reliability degradation.
AB - As data privacy and security rapidly become key requirements, securely erasing data from a storage system becomes as important as reliably storing data in the system. Unfortunately, in modern flash-based storage systems, it is challenging to irrecoverably erase (i.e., sanitize) a file without large performance or reliability penalties. In this paper, we propose Evanesco, a new data sanitization technique specifically designed for high-density 3D NAND flash memory. Unlike existing techniques that physically destroy stored data, Evanesco provides data sanitization by blocking access to stored data. By exploiting existing spare flash cells in the flash memory chip, Evanesco efficiently supports two new flash lock commands (pLock and bLock) that disable access to deleted data at both page and block granularities. Since the locked page (or block) can be unlocked only after its data is erased, Evanesco provides a strong security guarantee even against an advanced threat model. To evaluate our technique, we build SecureSSD, an Evanesco-enabled emulated flash storage system. Our experimental results show that SecureSSD can effectively support data sanitization with a small performance overhead and no reliability degradation.
KW - 3D NAND flash memory
KW - Data sanitization
KW - Privacy
KW - Security
KW - Solid-state drives (SSDs)
UR - http://www.scopus.com/inward/record.url?scp=85082385658&partnerID=8YFLogxK
U2 - 10.1145/3373376.3378490
DO - 10.1145/3373376.3378490
M3 - Conference contribution
AN - SCOPUS:85082385658
T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
SP - 1311
EP - 1326
BT - ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems
PB - Association for Computing Machinery
Y2 - 16 March 2020 through 20 March 2020
ER -