Understanding Security Vulnerabilities in File Systems

Cai, Miao; Huang, Hao; Huang, Jian

doi:10.1145/3343737.3343753

Cited by 9 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, we focus on the secuirty vulnerabilities in file systems. Unlike the previous file system studies that focused on bug causes and consequences [15,47], our study centers around the understanding of the attack surface of file systems and the vulnerability exploitation procedure, while covering a wider range of CVEs across different types of file systems. To the best of our knowledge, our study is the first in-depth work of its kind.…”

Section: Related Workmentioning

confidence: 99%

“…Past studies [47,60] on file systems mostly focus on functionality-related perspectives, failing to provide the desired security-centric understanding. Prior study [15,47] took an initial effort to investigate the filesystem bugs and security in Linux. However, it targeted solely on generic file systems, with a focus on the causes and consequences, which lacks the analysis of the whole lifecycle of the vulnerability exploitation and fixes processes.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The Security War in File Systems: An Empirical Study from A Vulnerability-Centric Perspective

Sun¹,

Li²,

Xu³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

This paper presents a systematic study on the security of modern file systems, following a vulnerability-centric perspective. Specifically, we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years. We characterize them from four dimensions that include why the vulnerabilities appear, how the vulnerabilities can be exploited, what consequences can arise, and how the vulnerabilities are fixed. This way, we build a deep understanding of the attack surfaces faced by file systems, the threats imposed by the attack surfaces, and the good and bad practices in mitigating the attacks in file systems. We envision that our study will bring insights towards the future development of file systems, the enhancement of file system security, and the relevant vulnerability mitigating solutions.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

The Security War in File Systems: An Empirical Study from A Vulnerability-Centric Perspective

Sun¹,

Li²,

Xu³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, the file versioning software mentioned above faces critical security challenges due to malware that is becoming more intelligent. This intelligent malware, such as ring-0 privileged malware, uses the latest exploit techniques to escalate privilege [14] and compromise the system. If malware acquires kernel privilege, anti-malware and file versioning services that are running on the host system for data protection will be neutralized.…”

Section: Introductionmentioning

confidence: 99%

A Policy-based Versioning SSD with Intel SGX

Ahn,

Lee,

Lee

et al. 2021

Preprint

View full text Add to dashboard Cite

Privileged malware neutralizes software-based versioning systems and destroys data. To counter this threat, a versioning solid-state drive (SSD) that performs versioning inside the SSD has been studied. An SSD is a suitable candidate for data versioning because it can preserve previous versions without additional copying, and provide high security with a very small trusted computing base (TCB). However, the versioning SSDs studied so far commonly use a full disk versioning method that preserves all file versions in a batch. This paper demonstrates that SSDs, which provide full disk versioning, can be exposed to data tampering attacks when the retention time of data is less than the malware's dwell time. To deal with this threat, we propose SGX-SSD, a policy-based per-file versioning SSD to keep a deeper history for only the important files of users. However, since the SSD isn't aware of a file semantic, and the versioning policy information should be securely received from the untrusted host computer, implementing the per-file versioning in SSD is a huge challenge. To solve this problem, SGX-SSD utilizes the Intel SGX and has a secure host interface to securely receive policy information (configuration values) from the user. Also, to solve the file semantic unawareness problem of the SSD, a piggyback module is designed to give a file hint at the host layer, and an algorithm for selective versioning based on the policy is implemented in the SSD. To prove our system, we prototyped SGX-SSD the Jasmine OpenSSD platform in Linux environment. In the experimental evaluation, we proved that SGX-SSD provides strong security with little additional overhead for selective per-file versioning.

show abstract