Forensic Issues and Techniques to Improve Security in SSD with Flex Capacity Feature

Na Young Ahn, Dong Hoon Lee

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)

Abstract

Over-provisioning technology is typically introduced as a means to improve the performance of storage systems, such as databases. The over-provisioning area is both hidden and difficult for normal users to access. This paper focuses on attack models for such hidden areas. Malicious hackers use advanced over-provisioning techniques that vary capacity according to workload, and as such, our focus is on attack models that use variable over-provisioning technology. According to these attack models, it is possible to scan for invalid blocks containing original data or malware code that is hidden in the over-provisioning area. In this paper, we outline the different forensic processes performed for each memory cell type of the over-provisioning area and disclose security enhancement techniques that increase immunity to these attack models. This leads to a discussion of forensic possibilities and countermeasures for SSDs that can change the over-provisioning area. We also present information-hiding attacks and information-exposing attacks on the invalidation area of the SSD. Our research provides a good foundation upon which the performance and security of SSD-based databases can be further improved.

Original languageEnglish
Pages (from-to)167067-167075
Number of pages9
JournalIEEE Access
Volume9
DOIs
Publication statusPublished - 2021

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • Forensic
  • NAND flash memory
  • SSD
  • attack model
  • hidden area
  • invalid block
  • malware
  • over-provisioning

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering

Fingerprint

Dive into the research topics of 'Forensic Issues and Techniques to Improve Security in SSD with Flex Capacity Feature'. Together they form a unique fingerprint.

Cite this