eHIFS: An efficient history independent file system

Document Type

Conference Proceeding

Publication Date



Department of Computer Science


Securely deleting obsolete data is of significant importance, as reserving them may not only endanger data owners' privacy, but also violate data protection regulations like GDPR, SOX and HIPPA. However, completely eliminating data is extremely challenging in modern computer systems. One reason is the past existence of the deleted data may leave artifacts in the layout of a storage system at all layers, and such structural artifacts may be utilized by the adversary to derive sensitive information about the data having been deleted. A novel security notion, history independence, can ensure that memory representation of a data structure is independent of the operation sequences leading to it. Therefore, history independence can be utilized to remove the structural artifacts created by the deleted data, making it possible to achieve secure deletion guarantee. In this work, leveraging history independence, we build history independent systems. The existing history independent file system (HIFS) suffers from a significant degradation compared to the regular file system, rendering it impractical for real-world applications. A fundamental reason for such a degradation is, HIFS simply re-locates the entire data in a history independent manner for each single write. This is unfortunately unnecessary since a multi-snapshot adversary has observed a previous snapshot, and relocating data appearing in this old snapshot is vain and incurs unnecessary overhead. This will be exacerbated when the file system load factor is large. We thus design eHIFS, the first efficient History Independent File System, in which we smartly take advantage of knowledge on the adversary's observations and eliminate those unnecessary re-locations. Security analysis and experimental evaluation show that, compared to HIFS, eHIFS can achieve a similar history independence guarantee, with a 33X write throughput improvement when the file system load factor is 90%.

Publisher's Statement

© 2019 Association for Computing Machinery. Publisher’s version of record:

Publication Title

Asia CCS '19 Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security