MimosafTL: Adding secure and practical ransomware defense strategy to flash translation layer

Peiying Wang, Shijie Jia, Bo Chen, Luning Xia, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Ransomware attacks have become prevalent nowadays due to sudden flourish of cryptocurrencies. Most existing defense strategies for ransomware, however, are vulnerable to privileged ransomware who can compromise the operating system and hence any backup data stored locally. The out-of-place-update and the isolation nature of flash memory storage, for the first time, makes it possible to design a defense strategy which is secure against the privileged ransomware. In this work, we propose MimosaFTL, a secure and practical ransomware defense strategy for mobile computing devices equipped with flash memory as external storage. MimosaFTL is secure against the privileged malware by taking advantage of unique characteristics of flash storage. In addition, it is more practical (compared to prior work) for real-world deployments by: 1) incorporating a fine-grained detection scheme which can detect presence of ransomware accurately; and 2) allowing the victim to efficiently restore the infected external storage to the exact point when the malware starts to perform corruption. Experimental evaluation shows that, MimosaFTL can mitigate ransomware attacks effectively with a small negative impact on both I/O performance and lifetime of flash storage.

Original languageEnglish (US)
Title of host publicationCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages327-338
Number of pages12
ISBN (Electronic)9781450360999
DOIs
StatePublished - Mar 13 2019
Event9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 - Richardson, United States
Duration: Mar 25 2019Mar 27 2019

Publication series

NameCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

Conference

Conference9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
CountryUnited States
CityRichardson
Period3/25/193/27/19

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'MimosafTL: Adding secure and practical ransomware defense strategy to flash translation layer'. Together they form a unique fingerprint.

  • Cite this

    Wang, P., Jia, S., Chen, B., Xia, L., & Liu, P. (2019). MimosafTL: Adding secure and practical ransomware defense strategy to flash translation layer. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (pp. 327-338). (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3292006.3300041