Related papers: VaultFS: Write-once Software Support at the File System Level Against Ransomware Attacks

VaultFS: Write-once Software Support at the File System Level Against Ransomware Attacks

URL: http://arxiv.org/abs/2410.21979v1
Date: Tue, 29 Oct 2024 12:06:24 GMT
Title: VaultFS: Write-once Software Support at the File System Level Against Ransomware Attacks
Authors: Pasquale Caporaso, Giuseppe Bianchi, Francesco Quaglia,
Abstract summary: We propose VaultFS, a Linux-suited file system oriented to the maintenance of cold-data. Files are supported via the write-once semantic, and cannot be subject to the rewriting (or deletion) of their content up to the end of their protection life time. VastFS offers the possibility to protect the storage against Denial-of-Service (DOS) attacks.
Score: 6.725792100548271
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The demand for data protection measures against unauthorized changes or deletions is steadily increasing. These measures are essential for maintaining the integrity and accessibility of data, effectively guarding against threats like ransomware attacks that focus on encrypting large volumes of stored data, as well as insider threats that involve tampering with or erasing system and access logs. Such protection measures have become crucial in today's landscape, and hardware-based solutions like Write-Once Read-Many (WORM) storage devices, have been put forth as viable options, which however impose hardware-level investments, and the impossibility to reuse the blocks of the storage devices after they have been written. In this article we propose VaultFS, a Linux-suited file system oriented to the maintenance of cold-data, namely data that are written using a common file system interface, are kept accessible, but are not modifiable, even by threads running with (effective)root-id. Essentially, these files are supported via the write-once semantic, and cannot be subject to the rewriting (or deletion) of their content up to the end of their (potentially infinite) protection life time. Hence they cannot be subject to ransomware attacks even under privilege escalation. This takes place with no need for any underlying WORM device -- since ValutFS is a pure software solution working with common read/write devices (e.g., hard disks and SSD). Also, VaultFS offers the possibility to protect the storage against Denial-of-Service (DOS) attacks, possibly caused by un-trusted applications that simply write on the file system to make its device blocks busy with non-removable content.

Related papers

Defeating Prompt Injections by Design [79.00910871948787]
CaMeL is a robust defense that creates a protective system layer around the Large Language Models (LLMs) To operate, CaMeL explicitly extracts the control and data flows from the (trusted) query. We demonstrate effectiveness of CaMeL by solving $67%$ of tasks with provable security in AgentDojo [NeurIPS 2024], a recent agentic security benchmark.
arXiv Detail & Related papers (2025-03-24T15:54:10Z)
Adversarial Prompt Evaluation: Systematic Benchmarking of Guardrails Against Prompt Input Attacks on LLMs [44.023741610675266]
Large language models (LLMs) can be manipulated into unsafe behaviour by prompts known as jailbreaks. Not all defences are able to handle new out-of-distribution attacks due to the narrow segment of jailbreaks used to align them. We show that based on current datasets available for evaluation, simple baselines can display competitive out-of-distribution performance.
arXiv Detail & Related papers (2025-02-21T12:54:25Z)
SHIELD: Secure Host-Independent Extensible Logging for Tamper-Proof Detection and Real-Time Mitigation of Ransomware Threats [17.861324495723487]
SHIELD is a detection architecture leveraging FPGA-based open-source SATA and Network Block Device technology. It provides off-host, tamper-proof measurements for continuous observation of disk activity for software executing on a target device. SHIELD's robust host-independent and hardware-assisted metrics are a basis for detection, allowing to observe program execution and detect malicious activities at the storage level.
arXiv Detail & Related papers (2025-01-28T01:33:03Z)
Application of Machine Learning Techniques for Secure Traffic in NoC-based Manycores [44.99833362998488]
This document explores an IDS technique using machine learning and temporal series for detecting DoS attacks in NoC-based manycore systems. It is necessary to extract traffic data from a manycore NoC and execute the learning techniques in the extracted data. The developed platform will have its data validated with a low-level platform.
arXiv Detail & Related papers (2025-01-21T10:58:09Z)
Optimizing SSD Caches for Cloud Block Storage Systems Using Machine Learning Approaches [40.13303683102544]
This paper proposes a novel approach to dynamically optimize the write policy in cloud-based storage systems. The proposed method identifies write-only data and selectively filters it out in real-time, thereby minimizing the number of unnecessary write operations.
arXiv Detail & Related papers (2024-12-29T17:37:18Z)
Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation [46.268703252557316]
Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory. C Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits. C Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss.
arXiv Detail & Related papers (2024-09-23T18:41:14Z)
CRISP: Confidentiality, Rollback, and Integrity Storage Protection for Confidential Cloud-Native Computing [0.757843972001219]
Cloud-native applications rely on orchestration and have their services frequently restarted. During restarts, attackers can revert the state of confidential services to a previous version that may aid their malicious intent. This paper presents CRISP, a rollback protection mechanism that uses an existing runtime for Intel SGX and transparently prevents rollback.
arXiv Detail & Related papers (2024-08-13T11:29:30Z)
Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications. The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms. This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z)
UPSS: a User-centric Private Storage System with its applications [0.0]
We present UPSS: the user-centric private sharing system, a storage system that can be used as a conventional or as the foundation for security-sensitive applications. We demonstrate that both the security and performance properties of UPSS exceed existing cryptographics and that its performance is comparable to mature conventionals.
arXiv Detail & Related papers (2024-03-23T16:35:37Z)
FileDES: A Secure Scalable and Succinct Decentralized Encrypted Storage Network [30.775493810737192]
Decentralized Storage Network (DSN) is an emerging technology that challenges traditional cloud-based storage systems. We propose FileDES, which incorporates three essential elements: privacy preservation, scalable storage proof, and batch verification. Our protocol outperforms the others in terms of proof generation/verification efficiency, storage costs, and scalability.
arXiv Detail & Related papers (2024-03-22T06:41:30Z)
GuardFS: a File System for Integrated Detection and Mitigation of Linux-based Ransomware [8.576433180938004]
GuardFS is a file system-based approach to investigate the integration of detection and mitigation of ransomware. Using a bespoke overlay file system, data is extracted before files are accessed. Models trained on this data are used by three novel defense configurations that obfuscate, delay, or track access to the file system.
arXiv Detail & Related papers (2024-01-31T15:33:29Z)
A high throughput Intrusion Detection System (IDS) to enhance the security of data transmission among research centers [39.65647745132031]
This paper presents a packet sniffer that was designed using a commercial FPGA development board. The system can support a data throughput of 10 Gbit/s with preliminary results showing that the speed of data transmission can be reliably extended to 100 Gbit/s. It is particularly suited for the security of universities and research centers, where point-to-point network connections are dominant.
arXiv Detail & Related papers (2023-11-10T14:30:00Z)
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z)
FedSecurity: Benchmarking Attacks and Defenses in Federated Learning and Federated LLMs [43.47381610566354]
FedSecurity is an end-to-end benchmark for adversarial attacks and corresponding defense mechanisms in Federated Learning (FL) It eliminates the need for implementing the fundamental FL procedures, e.g., FL training and data loading, from scratch. It contains two key components, including FedAttacker that conducts a variety of attacks during FL training, and FedDefender that implements defensive mechanisms to counteract these attacks.
arXiv Detail & Related papers (2023-06-08T06:21:35Z)
Securing Cloud File Systems with Trusted Execution [9.18546671155073]
Cloud file systems have become prime targets for adversaries. New designs leveraging cryptographic techniques and trusted execution environments (TEEs) still force organizations to make undesirable trade-offs. We introduce BFS, a cloud file system that bootstraps new security protocols to deliver strong security guarantees, high-performance, and a transparent POSIX-like interface to clients.
arXiv Detail & Related papers (2023-05-29T22:27:37Z)
Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.