research-article

RansomBlocker: a Low-Overhead Ransomware-Proof SSD

Authors:

Jihong KimAuthors Info & Claims

DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019

Article No.: 34, Pages 1 - 6

https://doi.org/10.1145/3316781.3317889

Published: 02 June 2019 Publication History

Get Access

Abstract

We present a low-overhead ransomware-proof SSD, called RansomBlocker (RBlocker). RBlocker provides 100% full protections against all possible ransomware attacks by delaying every data deletion until no attack is guaranteed. To reduce storage overheads of the delayed deletion, RBlocker employs a time-out based backup policy. Based on the fact that ransomware must store encrypted version of target files, early deletions of obsolete data are allowed if no encrypted write was detected for a short interval. Otherwise, RBlocker keeps the data for an interval long enough to guarantee no attack condition. For an accurate in-line detection of encrypted writes, we leverages entropy- and CNN-based detectors in an integrated fashion. Our experimental results show that RBlocker can defend all types of ransomware attacks with negligible overheads.

References

[1]

A POC Windows Crypto-Ransomware, https://github.com/mauri870/ransomware, 2018.

Google Scholar

[2]

Virtual Gangster, https://github.com/roothaxor/Ransom, 2018.

Google Scholar

[3]

S. Baek et al. SSD-Insider: Internal Defense of Solid State Drive Against Ransomware with Perfect Data Recovery. In Proceedings of the IEEE International Conference on Distributed Computing Systems, 2018.

Google Scholar

[4]

A. Cox. JEDEC SSD Endurance Workloads. In Proceedings of the Flash Memory Summit, 2011.

Google Scholar

[5]

J. Huang et al. FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2017.

Digital Library

Google Scholar

[6]

G. Kim et al. Performance Analysis of SSD Write Using TRIM in NTFS and EXT4. In Proceedings of the IEEE Conference on Computer Sciences and Convergence Information Technology, 2011.

Google Scholar

[7]

Y.-K. Lai et al. Hardware-Assisted Estimation of Entropy Norm for High-Speed Network Traffic. Electronics Letters, 50(24):1845--1847, 2014.

Crossref

Google Scholar

[8]

S. Lee et al. Application-Managed Flash. In Proceedings of the USENIX Conference on File and Storage Technologies, 2016.

Digital Library

Google Scholar

[9]

G. Santos. SSD Ranking: The Fasted Solid State Drives, 2018.

Google Scholar

[10]

N. Scaife et al. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. In Proceedings of the IEEE International Conference on Distributed Computing Systems, 2016.

Google Scholar

[11]

H. N. Security. Ransomware Back in Big Way, 181.5 Million Attacks since January, 2018.

Google Scholar

[12]

C. E. Shannon. A Mathematical Theory of Communication. ACM SIGMOBILE Mobile Computing and Communications Review, 5(1):3--55, 2001.

Digital Library

Google Scholar

[13]

A. Wilson. The New and Improved FileBench. In Proceedings of the USENIX Conference on File and Storage Technologies, 2008.

Google Scholar

Cited By

View all

Rother CChen B(2024)Reversing File Access Control Using Disk Forensics on Low-Level Flash MemoryJournal of Cybersecurity and Privacy10.3390/jcp40400384:4(805-822)Online publication date: 1-Oct-2024
https://doi.org/10.3390/jcp4040038
Huang JLiu TChen YPeng HHuang TLei CHuang CFournaris APalmieri P(2024)Time Machine: An Efficient and Backend-Migratable Architecture for Defending Against Ransomware in the HypervisorProceedings of the 2024 on Cloud Computing Security Workshop10.1145/3689938.3694780(66-79)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689938.3694780
Enomoto SKuzuno HYamada HShiraishi YMorii M(2024)Early mitigation of CPU-optimized ransomware using monitoring encryption instructionsInternational Journal of Information Security10.1007/s10207-024-00892-223:5(3393-3413)Online publication date: 30-Jul-2024
https://doi.org/10.1007/s10207-024-00892-2
Show More Cited By

Recommendations

HPDA: A hybrid parity-based disk array for enhanced performance and reliability

Flash-based Solid State Drive (SSD) has been productively shipped and deployed in large scale storage systems. However, a single flash-based SSD cannot satisfy the capacity, performance and reliability requirements of the modern storage systems that ...
Higher reliability redundant disk arrays: Organization, operation, and coding

Parity is a popular form of data protection in redundant arrays of inexpensive/independent disks (RAID). RAID5 dedicates one out of N disks to parity to mask single disk failures, that is, the contents of a block on a failed disk can be reconstructed by ...
A multiple-file write scheme for improving write performance of small files in Fast File System

Fast File System (FFS) stores files to disk in separate disk writes, each of which incurs a disk positioning (seek + rotation) limiting the write performance for small files. We propose a new scheme called co-writing to accelerate small file writes in ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019

June 2019

1378 pages

ISBN:9781450367257

DOI:10.1145/3316781

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

DAC '19

Sponsor:

SIGDA

DAC '19: The 56th Annual Design Automation Conference 2019

June 2 - 6, 2019

NV, Las Vegas, USA

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
446
Total Downloads

Downloads (Last 12 months)85
Downloads (Last 6 weeks)17

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rother CChen B(2024)Reversing File Access Control Using Disk Forensics on Low-Level Flash MemoryJournal of Cybersecurity and Privacy10.3390/jcp40400384:4(805-822)Online publication date: 1-Oct-2024
https://doi.org/10.3390/jcp4040038
Huang JLiu TChen YPeng HHuang TLei CHuang CFournaris APalmieri P(2024)Time Machine: An Efficient and Backend-Migratable Architecture for Defending Against Ransomware in the HypervisorProceedings of the 2024 on Cloud Computing Security Workshop10.1145/3689938.3694780(66-79)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689938.3694780
Enomoto SKuzuno HYamada HShiraishi YMorii M(2024)Early mitigation of CPU-optimized ransomware using monitoring encryption instructionsInternational Journal of Information Security10.1007/s10207-024-00892-223:5(3393-3413)Online publication date: 30-Jul-2024
https://doi.org/10.1007/s10207-024-00892-2
Mohanty KBopche GBrahnam SDash S(2023)Ransomware-as-a-Weapon (RaaW)Contemporary Challenges for Cyber Security and Data Privacy10.4018/979-8-3693-1528-6.ch013(247-266)Online publication date: 8-Sep-2023
https://doi.org/10.4018/979-8-3693-1528-6.ch013
JOO YYOON YCHOI J(2023)A Memory-Efficient Overwrite Detection Method for Ransomware-Proof SSDsIEICE Transactions on Information and Systems10.1587/transinf.2023EDL8019E106.D:8(1283-1286)Online publication date: 1-Aug-2023
https://doi.org/10.1587/transinf.2023EDL8019
Ma BYang YLi JZhang FShen WZhou YMa JMeng WJensen CCremers CKirda E(2023)Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data RecoveryProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616665(341-355)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616665
Tripathy SSahoo DSatpathy MMutyam M(2023)Formal Modeling and Verification of Security Properties of a Ransomware-Resistant SSDIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2022.322959642:8(2766-2770)Online publication date: Aug-2023
https://doi.org/10.1109/TCAD.2022.3229596
Zhou CGuo LHou YMa ZZhang QWang MLiu ZJiang Y(2023)Limits of I/O Based Ransomware Detection: An Imitation Based Attack2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179372(2584-2601)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179372
Fujinoki HManukonda L(2023)Proactive Damage Prevention from Zero-Day Ransomwares2023 5th International Conference on Computer Communication and the Internet (ICCCI)10.1109/ICCCI59363.2023.10210183(133-141)Online publication date: 23-Jun-2023
https://doi.org/10.1109/ICCCI59363.2023.10210183
Ferdous JIslam RMahboubi AIslam M(2023)A Review of State-of-the-Art Malware Attack Trends and Defense MechanismsIEEE Access10.1109/ACCESS.2023.332835111(121118-121141)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3328351
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

HPDA: A hybrid parity-based disk array for enhanced performance and reliability

Higher reliability redundant disk arrays: Organization, operation, and coding

A multiple-file write scheme for improving write performance of small files in Fast File System