Efficient secure data deletion scheme for virtual disks

IP.com Disclosure Number: IPCOM000097037D
Original Publication Date: 2005-Mar-07
Included in the Prior Art Database: 2005-Mar-07
Document File: 2 page(s) / 50K

Publishing Venue

IBM

Abstract

A technique for ensuring that data that is desired to be provably destroyed is effectively overwritten by selectively migrating it to intensively-reused areas of a storage medium. The frequency of reuse of areas of the storage medium is monitored to identify "hot spots" suitable for use as targets for data migration.
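One way to model the scheme the abstract describes, as an added example that is not code from the disclosure: a toy virtual disk counts writes per virtual extent to find the hot spot, then swaps the physical extent holding the doomed data under that hot address so that ordinary host writes perform the overwrite passes. The `VirtualDisk` class, the extent swap and the pass count are assumptions; the abbreviated text does not give the disclosure's actual mechanism.

```python
import os

class VirtualDisk:
    """Toy model (assumed): virtual extents are mapped onto physical extents."""
    def __init__(self, n_extents, extent_size=16):
        self.size = extent_size
        self.phys = [bytes(extent_size) for _ in range(n_extents)]  # physical medium
        self.vmap = list(range(n_extents))   # virtual extent -> physical extent
        self.writes = [0] * n_extents        # host writes observed per virtual extent
        self.pending = {}                    # physical extent -> overwrites still owed

    def write(self, vext, data):
        p = self.vmap[vext]
        self.phys[p] = data
        self.writes[vext] += 1
        if p in self.pending:                # ordinary host I/O doubles as an erase pass
            self.pending[p] -= 1
            if self.pending[p] == 0:
                del self.pending[p]

    def read(self, vext):
        return self.phys[self.vmap[vext]]

    def hottest(self, exclude):
        """Hot spot = the virtual extent with the highest observed write count."""
        return max((v for v in range(len(self.vmap)) if v != exclude), key=self.writes.__getitem__)

    def secure_delete(self, vext, passes=3):
        """Place the doomed physical extent under the hottest virtual address."""
        hot = self.hottest(exclude=vext)
        p_doomed, p_hot = self.vmap[vext], self.vmap[hot]
        self.phys[p_doomed] = self.phys[p_hot]   # migrating live hot data is overwrite pass 1
        self.phys[p_hot] = bytes(self.size)      # the freed virtual address now reads as zeros
        self.vmap[vext], self.vmap[hot] = p_hot, p_doomed
        self.writes[vext] = 0
        if passes > 1:
            self.pending[p_doomed] = passes - 1  # remaining passes come from the workload
        return hot, p_doomed

def demo():
    disk = VirtualDisk(4)
    secret = b"SECRET-RECORD-01"                 # constructed 16-byte sample record
    disk.write(0, secret)
    for _ in range(5):
        disk.write(2, os.urandom(16))            # constructed workload: extent 2 is hot
    hot, p = disk.secure_delete(0, passes=3)
    for _ in range(2):
        disk.write(hot, os.urandom(16))          # normal host writes, no dedicated erase I/O
    return hot, secret in disk.phys, p in disk.pending
```

In this model the only dedicated I/O is the single migration copy; an extent leaves `pending` once the host workload has supplied the remaining passes.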

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Main Idea

Data stored on disk drives is intended to persist for as long as it is required; indeed, storage subsystem vendors go to great lengths to protect stored data from failures of hardware or software that might inadvertently cause data loss. There comes a time, however, when stored data (except perhaps artistic works) is no longer useful to the organisation that stored it, and the data needs to be deleted in order to recover the space for more useful data. Increasingly, though, it is important to organisations that when data is deleted it is provably gone and cannot be recovered, even by forensic methods (for example palimpsest signal or magnetic force microscopy). This might be true, for example, for sensitive financial data, personal data, medical records or even military data.

The potential for recovery of time-expired data that is thought to have been deleted is a serious concern for many organisations. One method of ensuring the destruction of the data is to physically destroy the hardware that stored it. This method, while very sure, has the drawback that it renders the hardware useless for storing new data, so it is an expensive option.

Schemes have been described to securely erase data by overwriting it multiple times with prescribed patterns or with random data. A number of real or de facto standards for this are in use, notably US DoD 5220.22-M and the Gutmann Standard. Some of these (e.g. Gutmann) attempt to exploit the data encoding scheme used on the disk medium to ensure that maximum "randomness" is introduced to the erased area(s). It is well known, though, that while special patterns are indeed very effective for FM and MFM recording with RLL schemes, the most effective scheme for modern RLL coding and PRML channels in hard disk drives is simply to repeatedly overwrite the area to be deleted with pseudorandom data.

The problem with overwriting in a busy system is that this secure deletion workload adds to the workload of the system, by requiring yet mor...