Simson L. Garfinkel
Abstract
Users are increasingly demanding two contradictory system properties - the ability to absolutely, positively erase information so that it cannot be recovered, and the ability to recover information that was inadvertently or intentionally altered or deleted. Storage system designers now need to resolve the tension between complete delete and time machine computing.
- Boneh, D. and Lipton, R., "A Revocable Backup System," Department of Computer Science, Princeton University, Princeton, NJ.Google Scholar
- Decru, Inc., "Decru Ships Decru DataFort T520 Security Appliances to Secure Data for Tape Backup," Decru Press Release, December 8, 2003.Google Scholar
- Garfinkel, S. "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable," PhD Thesis, Massachusetts Institute of Technology, June 2005. Google ScholarDigital Library
- Garfinkel, S., and Shelat, A., "Remembrance of Data Passed: A Study of Disk Sanitization Practices," IEEE Security and Privacy, January/February 2003. Google ScholarDigital Library
- Hartman, P., Bezos, J., Kaphan, S., Spiegel, J., "Method and System for Placing A Purchase Order Via a Communications Network," US Patent 5,960,441, filed September 12, 1997, granted September 28, 1999.Google Scholar
- Kissel, R., Scholl, M., Skolochenko, S. and Li, X., "Guidelines for Media Sanitization," NIST Special Publication 800--88, September 2006. Google ScholarDigital Library
- Norman, D. "Design rules based on analyses of human error." Communications of the ACM, 26(4), April 1983. Google ScholarDigital Library
- Rekimoto, J., "Time-machine computing: a time-centric approach for the information environment," 12th ACM Symposium on User Interface Software and Technology, Asheville, NC, 1999, pp. 45--54. Google ScholarDigital Library
- Seagate, "DriveTrust --- FAQs," October 31, 2006.Google Scholar
Index Terms
- Complete delete vs. time machine computing
Recommendations
Lethe: A Tunable Delete-Aware LSM Engine
SIGMOD '20: Proceedings of the 2020 ACM SIGMOD International Conference on Management of DataData-intensive applications fueled the evolution of log structured merge (LSM) based key-value engines that employ the out-of-place paradigm to support high ingestion rates with low read/write interference. These benefits, however, come at the cost of ...
Man vs. machine: practical adversarial detection of malicious crowdsourcing workers
SEC'14: Proceedings of the 23rd USENIX conference on Security SymposiumRecent work in security and systems has embraced the use of machine learning (ML) techniques for identifying misbehavior, e.g. email spam and fake (Sybil) users in social networks. However, ML models are typically derived from fixed datasets, and must ...
"I feel stupid i can't delete...": a study of users' cloud deletion practices and coping strategies
SOUPS '17: Proceedings of the Thirteenth USENIX Conference on Usable Privacy and SecurityDeletion of data from cloud storage and services is an important aspect of privacy and security. But how easy or simple a task is it for users to complete? Cloud users' deletion practices, challenges and coping strategies have not been well studied to ...
Comments