Sumeet Bajaj, Radu Sion
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Ensuring complete irrecoverability of deleted data is difficult to achieve in modern systems. Simply overwriting data or deploying encryption with ephemeral keys is not sufficient. The mere (previous) existence of deleted records impacts the current system state implicitly at all layers. This can be used as an oracle to derive information about the past existence of deleted records. Yet there is hope. If all system layers would exhibit history independence, such implicit history-related oracles would disappear. However, achieving history independence efficiently is hard due to the fact that current systems are designed to heavily benefit from (data and time) locality at all layers through heavy caching, and existing history independent data structures completely destroy locality. In this work we devise a way to achieve history independence while preserving locality (and thus be practical). We then design, implement and experimentally evaluate the first history independent file system (HIFS). HIFS guarantees secure deletion by providing full history independence across both file system and disk layers of the storage stack. It preserves data locality, and provides tunable efficiency knobs to suit different application history-sensitive scenarios.
doi:10.1145/2508859.2516724 dblp:conf/ccs/BajajS13 fatcat:pxmqoh4qmffztn7eiky427ftei