Date of Award
2024
Document Type
Open Access Master's Thesis
Degree Name
Master of Science in Computer Science (MS)
Administrative Home Department
Department of Computer Science
Advisor 1
Bo Chen
Committee Member 1
Xinyu Lei
Committee Member 2
Jean Mayo
Abstract
In the history of access control, nearly every system designed has relied on the operating system (OS) to enforce the access control protocols. However, if the OS (and specifically root access) is compromised, there are few if any solutions that can get users back into their system efficiently. In this work, we have proposed a novel approach that allows secure and efficient rollback of file access control after an adversary compromises the OS and corrupts the access control metadata. Our key observation is that the underlying flash memory typically performs out-of-place updates. Taking advantage of this unique feature, we can extract the ``stale data'' specific for OS access control, by performing low-level disk forensics over the raw flash memory. This allows efficiently rolling back the OS access control to a state pre-dating the compromise. To justify the feasibility of the proposed approach, we have implemented it in a computing device using file system EXT2/EXT3 and open-sourced flash memory firmware OpenNFM. We also evaluated the potential impact of our design on the original system. Experimental results indicate that the performance of the affected drive is not significantly impacted.
Recommended Citation
Rother, Caleb J., "RECOVERING ACCESS CONTROL VIA DISK FORENSICS ON LOW-LEVEL FLASH MEMORY", Open Access Master's Thesis, Michigan Technological University, 2024.