Lunch Seminar Talk: Joel Reardon, System Security: UBIFSec: Secure Deletion for the UBIFS File System

Abstract:

We address the problem of secure data deletion on flash memory. We focus on the UBIFS file system, a flash file system that accesses flash memory through a logical abstraction called UBI.  We propose UBIFSec, a modification to UBIFS that guarantees secure deletion of all deleted data on the file system. UBIFSec encrypts every data node in the file system with a different key, and stores the keys in a separate, prewritten key storage area. This area is periodically purged to securely delete keys belonging to deleted data.

We implement UBIFSec by extending UBIFS's Linux implementation and integrating it in the operating system of an Android Nexus One smartphone. Our modifications have attractive properties: they do not significantly impact the time required to perform basic file system operations, the increase in flash memory wear is very small, and is compatible with UBIFS's ability to perform wear-levelling on the flash memory.  Moreover, our changes preserve rapid mounting of UBIFS file systems after both safe and unsafe unmountings; in particular, a full scan of the storage medium is never required.