TY - GEN
T1 - MimosafTL
T2 - 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
AU - Wang, Peiying
AU - Jia, Shijie
AU - Chen, Bo
AU - Xia, Luning
AU - Liu, Peng
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/3/13
Y1 - 2019/3/13
N2 - Ransomware attacks have become prevalent nowadays due to sudden flourish of cryptocurrencies. Most existing defense strategies for ransomware, however, are vulnerable to privileged ransomware who can compromise the operating system and hence any backup data stored locally. The out-of-place-update and the isolation nature of flash memory storage, for the first time, makes it possible to design a defense strategy which is secure against the privileged ransomware. In this work, we propose MimosaFTL, a secure and practical ransomware defense strategy for mobile computing devices equipped with flash memory as external storage. MimosaFTL is secure against the privileged malware by taking advantage of unique characteristics of flash storage. In addition, it is more practical (compared to prior work) for real-world deployments by: 1) incorporating a fine-grained detection scheme which can detect presence of ransomware accurately; and 2) allowing the victim to efficiently restore the infected external storage to the exact point when the malware starts to perform corruption. Experimental evaluation shows that, MimosaFTL can mitigate ransomware attacks effectively with a small negative impact on both I/O performance and lifetime of flash storage.
AB - Ransomware attacks have become prevalent nowadays due to sudden flourish of cryptocurrencies. Most existing defense strategies for ransomware, however, are vulnerable to privileged ransomware who can compromise the operating system and hence any backup data stored locally. The out-of-place-update and the isolation nature of flash memory storage, for the first time, makes it possible to design a defense strategy which is secure against the privileged ransomware. In this work, we propose MimosaFTL, a secure and practical ransomware defense strategy for mobile computing devices equipped with flash memory as external storage. MimosaFTL is secure against the privileged malware by taking advantage of unique characteristics of flash storage. In addition, it is more practical (compared to prior work) for real-world deployments by: 1) incorporating a fine-grained detection scheme which can detect presence of ransomware accurately; and 2) allowing the victim to efficiently restore the infected external storage to the exact point when the malware starts to perform corruption. Experimental evaluation shows that, MimosaFTL can mitigate ransomware attacks effectively with a small negative impact on both I/O performance and lifetime of flash storage.
UR - http://www.scopus.com/inward/record.url?scp=85063873891&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063873891&partnerID=8YFLogxK
U2 - 10.1145/3292006.3300041
DO - 10.1145/3292006.3300041
M3 - Conference contribution
AN - SCOPUS:85063873891
T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
SP - 327
EP - 338
BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
Y2 - 25 March 2019 through 27 March 2019
ER -