A Policy-based Versioning SSD with Intel SGX
Jinwoo Ahn, Seungjin Lee, Jinhoon Lee, Youngwoo Ko, Junghee Lee, and, Youngjae Kim
TL;DR
This paper introduces SGX-SSD, a secure, policy-based per-file versioning SSD leveraging Intel SGX to protect important files from malware, with minimal performance overhead demonstrated through prototype testing.
Contribution
The paper presents a novel SGX-SSD system that enables secure, selective per-file versioning inside an SSD using Intel SGX and a secure host interface.
Findings
SGX-SSD provides strong security with minimal overhead.
Selective per-file versioning improves efficiency.
Prototype implementation demonstrates feasibility.
Abstract
Privileged malware neutralizes software-based versioning systems and destroys data. To counter this threat, a versioning solid-state drive (SSD) that performs versioning inside the SSD has been studied. An SSD is a suitable candidate for data versioning because it can preserve previous versions without additional copying, and provide high security with a very small trusted computing base (TCB). However, the versioning SSDs studied so far commonly use a full disk versioning method that preserves all file versions in a batch. This paper demonstrates that SSDs, which provide full disk versioning, can be exposed to data tampering attacks when the retention time of data is less than the malware's dwell time. To deal with this threat, we propose SGX-SSD, a policy-based per-file versioning SSD to keep a deeper history for only the important files of users. However, since the SSD isn't aware of…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Data Storage Technologies · Caching and Content Delivery · Distributed and Parallel Computing Systems