Na-Young Ahn

Na-Young Ahn, Dong Hoon Lee

We propose schemes for efficiently destroying privacy data in a NAND flash memory. Generally, even if privcy data is discarded from NAND flash memories, there is a high probability that the data will remain in an invalid block. This is a management problem that arises from the specificity of a program operation and an erase operation of NAND flash memories. When updating pages or performing a garbage collection, there is a problem that valid data remains in at least one unmapped memory block. Is it possible to apply the obligation to delete privacy data from existing NAND flash memory? This paper is the answer to this question. We propose a partial overwriting scheme, a SLC programming scheme, and a deletion duty pulse application scheme for invalid pages to effectively solve privacy data destruction issues due to the remaining data. Such privacy data destruction schemes basically utilize at least one state in which data can be written to the programmed cells based on a multi-level cell program operation. Our privacy data destruction schemes have advantages in terms of block management as compared with conventional erase schemes, and are very economical in terms of time and cost. The proposed privacy data destruction schemes can be easily applied to many storage devices and data centers using NAND flash memories.

Na-Young Ahn, Donghoon Lee

We firstly suggest privacy protection cache policy applying the duty to delete personal information on a hybrid main memory system. This cache policy includes generating random data and overwriting the random data into the personal information. Proposed cache policy is more economical and effective regarding perfect deletion of data.

Na-Young Ahn, Dong Hoon Lee

In this paper we introduced countermeasures against side-channel attacks in the shared memory of TrustZone. We proposed zero-contention cache memory or policy between REE and TEE to prevent from TruSpy attacks in TrustZone. And we suggested that delay time of data path of REE is equal or similar to that of data path of TEE to prevent timing side-channel attacks. Also, we proposed security information flow control based on the Clark-Wilson model, and built the information flow control mechanism using Authentication Tokenization Program (ATP). Accordingly we can expect the improved integrity of the information content between REE and TEE on mobile devices.