A major cyber threat involves hackers using malware to encrypt user files and then charging money (often in the form of cryptocurrency) for the files to be restored. To help users recover from such an attack, computer scientists from the Grainger College of Engineering, University of Illinois have outlined a new approach that uses the commodity storage devices found in most computers.
Most ransomware either launches a cryptoviral extortion attack, which holds the victim’s data hostage, or mounts a cryptovirology leakware attack, which threatens to publish the victim’s data, until a ransom is paid.
A novel approach to file storage is required, according to the researchers, because current software-based approaches such as data journaling, logging and backups come with performance and storage costs. These conventional approaches remain vulnerable to malware attacks.
Instead, the researchers have come up with a time-travel solid-state drive, which they have named TimeSSD. This drive retains a history of storage states in hardware for a window of time. To access the drive, a toolkit named TimeKits is required. This toolkit provides storage-state query and rollback functions.
To avoid the system storing too many old files and thereby hampering performance, while also avoiding the failure to copy key files in time, the research team built in functionality that lets the software seamlessly monitor and adjust storage dynamically. In most cases this ensures that data will be retained for at least three days. This gives users the means to back up their data onto other systems within the three-day time period, as required.
The next wave of research undertaken by the team will look at mechanisms for storing data for longer periods than three days on the solid-state drive, without hampering computer operating performance.
The new system is described in a paper titled “Project Almanac: A Time-Traveling Solid-State Drive”, published in EuroSys ’19 Proceedings of the Fourteenth EuroSys Conference, 2019; Article No. 13.