RSSD: Defend against Ransomware with Hardware-Isolated Network-Storage Codesign and Post-Attack Analysis
Benjamin Reidys, Peng Liu, Jian Huang

TL;DR
This paper introduces RSSD, a hardware-isolated, ransomware-aware SSD design that defends against evolving ransomware attacks by enabling secure logging and post-attack analysis, with minimal performance impact.
Contribution
The paper presents RSSD, a novel SSD redesign with hardware-assisted logging and isolated storage offloading to defend against new ransomware attack vectors.
Findings
RSSD effectively defends against new ransomware attacks.
RSSD introduces negligible performance overhead.
RSSD enables post-attack forensic analysis.
Abstract
Encryption ransomware has become a notorious malware. It encrypts user data on storage devices like solid-state drives (SSDs) and demands a ransom to restore data for users. To bypass existing defenses, ransomware would keep evolving and performing new attack models. For instance, we identify and validate three new attacks, including (1) garbage-collection (GC) attack that exploits storage capacity and keeps writing data to trigger GC and force SSDs to release the retained data; (2) timing attack that intentionally slows down the pace of encrypting data and hides its I/O patterns to escape existing defense; (3) trimming attack that utilizes the trim command available in SSDs to physically erase data. To enhance the robustness of SSDs against these attacks, we propose RSSD, a ransomware-aware SSD. It redesigns the flash management of SSDs for enabling the hardware-assisted logging,…
Taxonomy
Topics: Advanced Malware Detection Techniques · Advanced Data Storage Technologies · Security and Verification in Computing
