Project Almanac: A Time-Traveling Solid-State Drive

Preserving the history of storage states is critical to ensuring system reliability and security. It facilitates system functions such as debugging, data recovery, and forensics. Existing software-based approaches like data journaling, logging, and backups not only introduce performance and storage cost, but also are vulnerable to malware attacks, as adversaries can obtain kernel privileges to terminate or destroy them. In this paper, we present Project Almanac, which includes (1) a time-travel solid-state drive (SSD) named TimeSSD that retains a history of storage states in hardware for a window of time, and (2) a toolkit named TimeKits that provides storage-state query and rollback functions. TimeSSD tracks the history of storage states in the hardware device, without relying on explicit backups, by exploiting the property that the flash retains old copies of data when they are updated or deleted. We implement TimeSSD with a programmable SSD and develop TimeKits for several typical system applications. Experiments, with a variety of real-world case studies, demonstrate that TimeSSD can retain all the storage states for eight weeks, with negligible performance overhead, while providing the device-level time-travel property.

[1]  Nisha Talagala,et al.  Don't Stack Your Log On My Log , 2014, INFLOW.

[2]  Sungjin Lee,et al.  Improving Performance and Capacity of Flash Storage Devices by Exploiting Heterogeneity of MLC Flash Memory , 2014, IEEE Transactions on Computers.

[3]  Xubin He,et al.  Delta-FTL: improving SSD lifetime via exploiting content locality , 2012, EuroSys '12.

[4]  Hua Wang,et al.  BVSSD: build built-in versioning flash-based solid state drives , 2012, SYSTOR '12.

[5]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[6]  Dirk Grunwald,et al.  Peabody: the time travelling disk , 2003, 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies, 2003. (MSST 2003). Proceedings..

[7]  Youngjae Kim,et al.  DFTL: a flash translation layer employing demand-based selective caching of page-level address mappings , 2009, ASPLOS.

[8]  Qi Zhang,et al.  Characterization of storage workload traces from production Windows Servers , 2008, 2008 IEEE International Symposium on Workload Characterization.

[9]  Patrick Traynor,et al.  CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data , 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).

[10]  Erez Zadok,et al.  A Versatile and User-Oriented Versioning File System , 2004, FAST.

[11]  Peng Liu,et al.  FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware , 2017, CCS.

[12]  Sriram Raghavan,et al.  Digital forensic research: current state of the art , 2012, CSI Transactions on ICT.

[13]  Qing Yang,et al.  I-CASH: Intelligently Coupled Array of SSD and HDD , 2011, 2011 IEEE 17th International Symposium on High Performance Computer Architecture.

[14]  Ryan Harris,et al.  Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem , 2006, Digit. Investig..

[15]  Steven Swanson,et al.  Reliably Erasing Data from Flash-Based Solid State Drives , 2011, FAST.

[16]  Joo Young Hwang,et al.  F2FS: A New File System for Flash Storage , 2015, FAST.

[17]  Jian Huang,et al.  FlatFlash: Exploiting the Byte-Accessibility of SSDs within a Unified Memory-Storage Hierarchy , 2019, ASPLOS.

[18]  Craig A. N. Soules,et al.  Self-securing storage: protecting data in compromised systems , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[19]  Suman Nath,et al.  FlashBlox: Achieving Both Performance Isolation and Uniform Lifetime for Virtualized SSDs , 2017, FAST.

[20]  Jeffrey Katcher,et al.  PostMark: A New File System Benchmark , 1997 .

[21]  Kyu Ho Park,et al.  JFTL: A flash translation layer based on a journal remapping for flash memory , 2009, TOS.

[22]  Meng Zhu,et al.  Journaling of journal is (almost) free , 2014, FAST.

[23]  Karsten Schwan,et al.  Unified address translation for memory-mapped SSDs with FlashMap , 2015, 2015 ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA).

[24]  Michael Chow,et al.  Eidetic Systems , 2014, OSDI.

[25]  Andrea C. Arpaci-Dusseau,et al.  Snapshots in a flash with ioSnap , 2014, EuroSys '14.

[26]  Andrea C. Arpaci-Dusseau,et al.  Analysis and Evolution of Journaling File Systems , 2005, USENIX Annual Technical Conference, General Track.

[27]  Engin Kirda,et al.  UNVEIL: A large-scale, automated approach to detecting ransomware (keynote) , 2016, SANER.

[28]  Lidong Zhou,et al.  Transactional Flash , 2008, OSDI.

[29]  Jiang Ming,et al.  Cryptographic Function Detection in Obfuscated Binaries via Bit-Precise Symbolic Loop Mapping , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[30]  A. Chervenak,et al.  Protecting File Systems : A Survey of Backup Techniques , 1998 .

[31]  Yookun Cho,et al.  An Efficient Secure Deletion Scheme for Flash File Systems , 2010, J. Inf. Sci. Eng..

[32]  Michael Vrable,et al.  BlueSky: a cloud-backed file system for the enterprise , 2012, FAST.

[33]  Qing Yang,et al.  TRAP-Array: A Disk Array Architecture Providing Timely Recovery to Any Point-in-time , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[34]  Andrea C. Arpaci-Dusseau,et al.  IRON file systems , 2005, SOSP '05.

[35]  Randal C. Burns,et al.  Ext3cow: a time-shifting file system for regulatory compliance , 2005, TOS.

[36]  Sungjin Lee,et al.  SSD-Insider: Internal Defense of Solid-State Drive against Ransomware with Perfect Data Recovery , 2018, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS).