Forensic Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
This addresses security risks for SSD-based database systems, but it is incremental as it builds on existing over-provisioning technology.
The paper tackles security vulnerabilities in SSDs with variable over-provisioning features, where malicious hackers can hide data or malware in hidden areas, and it proposes forensic processes and security enhancement techniques to counter these attacks.
Over-provisioning technology is typically introduced as a means to improve the performance of storage systems, such as databases. The over-provisioning area is both hidden and difficult for normal users to access. This paper focuses on attack models for such hidden areas. Malicious hackers use advanced over-provisioning techniques that vary capacity according to workload, and as such, our focus is on attack models that use variable over-provisioning technology. According to these attack models, it is possible to scan for invalid blocks containing original data or malware code that is hidden in the over-provisioning area. In this paper, we outline the different forensic processes performed for each memory cell type of the over-provisioning area and disclose security enhancement techniques that increase immunity to these attack models. This leads to a discussion of forensic possibilities and countermeasures for SSDs that can change the over-provisioning area. We also present information-hiding attacks and information-exposing attacks on the invalidation area of the SSD. Our research provides a good foundation upon which the performance and security of SSD-based databases can be further improved.