RSSD: Defend against Ransomware with Hardware-Isolated Network-Storage Codesign and Post-Attack Analysis

06/12/2022
by   Benjamin Reidys, et al.
0

Encryption ransomware has become a notorious malware. It encrypts user data on storage devices like solid-state drives (SSDs) and demands a ransom to restore data for users. To bypass existing defenses, ransomware would keep evolving and performing new attack models. For instance, we identify and validate three new attacks, including (1) garbage-collection (GC) attack that exploits storage capacity and keeps writing data to trigger GC and force SSDs to release the retained data; (2) timing attack that intentionally slows down the pace of encrypting data and hides its I/O patterns to escape existing defense; (3) trimming attack that utilizes the trim command available in SSDs to physically erase data. To enhance the robustness of SSDs against these attacks, we propose RSSD, a ransomware-aware SSD. It redesigns the flash management of SSDs for enabling the hardware-assisted logging, which can conservatively retain older versions of user data and received storage operations in time order with low overhead. It also employs hardware-isolated NVMe over Ethernet to expand local storage capacity by transparently offloading the logs to remote cloud/servers in a secure manner. RSSD enables post-attack analysis by building a trusted evidence chain of storage operations to assist the investigation of ransomware attacks. We develop RSSD with a real-world SSD FPGA board. Our evaluation shows that RSSD can defend against new and future ransomware attacks, while introducing negligible performance overhead.

READ FULL TEXT

page 1

page 2

research
04/11/2019

Information Leakage in Encrypted Deduplication via Frequency Analysis: Attacks and Defenses

Encrypted deduplication combines encryption and deduplication to simulta...
research
05/12/2022

Building A Trusted Execution Environment for In-Storage Computing

In-storage computing with modern solid-state drives (SSDs) enables devel...
research
08/31/2021

EthClipper: A Clipboard Meddling Attack on Hardware Wallets with Address Verification Evasion

Hardware wallets are designed to withstand malware attacks by isolating ...
research
10/27/2020

2FE: Two-Factor Encryption for Cloud Storage

Encrypted cloud storage services are steadily increasing in popularity, ...
research
12/11/2017

EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

Remote mobile and embedded devices are used to deliver increasingly impa...
research
09/08/2021

IceClave: A Trusted Execution Environment for In-Storage Computing

In-storage computing with modern solid-state drives (SSDs) enables devel...
research
08/23/2023

Theory vs. Practice in Modeling Edge Storage Systems

Edge systems promise to bring data and computing closer to the users of ...

Please sign up or login with your details

Forgot password? Click here to reset