A recently presented paper about sanitizing solid-state devices (SSDs) and some reaction to it may offer an interesting lesson for EEs designing next-generation products.
The paper, “Reliably Erasing Data From Flash-Based Solid State Drives,” www.usenix.org/events/fast11/tech/full_papers/Wei.pdf, was presented at the Usenix FAST 11 conference on File and Storage Technologies in San Jose, CA. It describes an analysis of SSD sanitization effectiveness using both native SSD techniques and software sanitation tools that are primarily designed for hard-disk drives (HDD).
Ultimately, the paper makes several excellent points about the technologies, and observes that although it may seem obvious to engineers that HDD-focused sanitation tools will probably not work on SSDs, users are not as likely to make the distinction.
“These differences between hard drives and SSDs potentially lead to a dangerous disconnect between user expectations and the drive’s actual behavior,” wrote the paper's authors. “An SSD’s owner might apply a hard drive-centric sanitization technique under the misguided belief that it will render the data essentially irrecoverable. In truth, data may remain on the drive and require only moderate sophistication to extract.”
This acknowledgement — that SSD eraser procedures must be different than HDD procedures — and the paper's finding that some SSD manufacturers had not properly implemented ATA and SCSI sanitation commands caught the attention of respected security expert, Chester Wisniewski, who wrote about both the paper and its impact on data management in the blog, Naked Security nakedsecurity.sophos.com/2011/02/20/ssds-prove-difficult-to-securely-erase/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_content=Yahoo%21+Mail.
Being able to properly and completely remove data from old or failed drives is of vital importance to many companies and government agencies, and I suspect that Wisniewski's post about the paper might lead some information technology managers to reconsider how they use SSDs.
I think that there may be a lesson in this for engineers working on designs that implement relatively newer semiconductor solutions in the place of incumbent and fundamentally different technologies. Remember to ensure that the products we build don't create a “disconnect between user expectations” and actual behavior.
Armando Roggio
Advertisement
Learn more about Electronic Products Magazine
