Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Secure data deletion
Reardon J., Springer International Publishing, New York, NY, 2016. 203 pp. Type: Book (978-3-319287-77-5)
Date Reviewed: May 24 2017

Securely deleting data is a problem in more than just the digital sphere--for example, we are encouraged to shred paper documents with sensitive information. But how secure is shredding? The Defense Advanced Research Projects Agency (DARPA) ran a competition to reconstruct documents from shredded paper and awarded a prize to a team who managed to do just that. Digital data destruction can be both easier and harder--you can often recover information easily from files that were deleted, and with more effort and cost you can get quite a bit of data from damaged disk drives, but you can physically shred a disk drive as well, and that’s pretty well gone. But with the right software, you can overwrite all the data on your drives (it may take several overwrites--although with newer drives, the general standard seems to be three, including one with random data). However, unless you overwrite the entire disk, it is likely that blocks deleted from a file will remain and be recoverable.

Flash drives complicate this more because of the way they write and erase data. Flash drives cannot update data in place; instead, new data is written to a new location (a write block) and the old data is marked as not being in use. Thus, the old data remains accessible until an erase block containing that data is erased. Once it is erased, it is gone, but erasure may only happen after some time during which the block is still available with its data. Add to the mix cloud storage where the user usually has no control even over the physical media involved.

One solution is to encrypt all the data and delete it by throwing away the key. This can be done at the file level or at the device level (whole disk encryption). If done at the file level, the key must be securely destroyed, which is potentially problematic in both flash memory and cloud storage.

In this book, the author discusses all of this, as well as some of the ways to ensure secure deletion, with a particular focus on flash memory and cloud storage.

There are four main parts to the book:

(1) “Introduction and Background” discusses the basics of secure deletion, and the adversarial models used.

(2) “Secure Deletion for Mobile Storage” discusses flash memory in general, log structured file systems, secure deletion in such systems, data node encrypted file systems, and a practical chapter on actually implementing the data node file system.

(3) “Secure Deletion for Remote Storage” discusses how to securely delete data from persistent media (usually with an associated device capable of securely deleting keys) and how to manage those keys (with key management always being a tricky problem). This section contains a chapter on B-tree-based secure deletion.

(4) “Conclusions and Future Work” wraps things up and mentions some interesting related topics such as provable deletion.

There is a decent bibliography and a nice glossary.

The material is generally well presented and interesting, and the results in Parts 2 and 3 are informative, but more background would have been helpful in the introduction and conclusions.

This book could well be used as supplemental material for an undergraduate course in computer security or in operating systems, as the author mentions implementations in Linux for several ideas presented.

More reviews about this item: Amazon

Reviewer:  Jeffrey Putnam Review #: CR145290 (1708-0531)
Bookmark and Share
  Featured Reviewer  
 
Security and Protection (K.6.5 )
 
 
Systems (H.2.4 )
 
 
Data Encryption (E.3 )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
CIRCAL and the representation of communication, concurrency, and time
Milne G. ACM Transactions on Programming Languages and Systems 7(2): 270-298, 1985. Type: Article
Oct 1 1985
Computer security risk management
Palmer I., Potter G., Van Nostrand Reinhold Co., New York, NY, 1989. Type: Book (9780442302900)
Apr 1 1991
Computers at risk
, National Academy Press, Washington, DC, 1991. Type: Book (9780309043885)
Oct 1 1991
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy