TrueErase Secure Deletion

The amount of sensitive data stored on electronic media increases as the use of computers and mobile devices becomes more prevalent. For example, home computers and devices may store financial information (e.g., Quicken files or tax documents), usernames and passwords, private correspondence (e.g., emails or chat logs), and personal media files (e.g., pictures or videos). Business computers and devices may store sensitive client data and trade secrets. Government computers and devices may store personally identifiable data on citizens and classified materials.

As the amount of digital sensitive information accrues, the need for the ability to securely remove this information increases. Short of physically destroying the entire storage medium, existing secure-deletion solutions tend to be piecemeal at best . they may only work for one type of storage or file system, may force the user to delete all files instead of selective files, may require the added complexities of encryption and key storage, may require extensive changes and additions to the computer.s operating system or storage firmware, and may not handle system crashes gracefully.

My dissertation research introduces TrueErase, a holistic secure-deletion framework that irrevocably deletes data and metadata. At heart, TrueErase is an information-propagation framework that works alongside of legacy operating system components for easier integration. Through its design, implementation, verification, and evaluation on both a hard drive and emerging solid-state storage, TrueErase shows that it is possible to construct a holistic, per-file, encryption-free, secure-deletion framework that accommodates different storage media and legacy file systems, requires limited changes to legacy systems, and handles common crash scenarios. The experience of building TrueErase further contributes insight into the mechanisms and complexities of the legacy operating system storage data path.

The TrueErase research website can be found here.

My dissertation can be found here.

The Bootable Cluster CD

I was employed as an undergraduate research assistant working with Dr. Paul Gray on the Bootable Cluster CD project. The Bootable Cluster CD (BCCD) is a bootable CD image that boots up into a pre-configured distributed computing environment. The BCCD takes advantage of existing computer labs being a non-destructive, drop-in cd that boots up to a full-fledged clustering environment.

Guardian Kernel Module

Guardian Kernel Module was a graduate project in my kernel/device drives class. It is a Linux 2.6 kernel module that can hide (cloak) itself in a running kernel, prevent or alert the user when modifications or misuses of the system call table occur, check for other cloaked modules, and check the integrity of other currently loaded modules. Check out the link above for the source code, project documentation, rootkit tests, and other goodies. Please be aware, though, that this module only works on certain, tested versions of the Linux 2.6 kernel.

Network Scanner Vulnerability Scanner

This was a project completed in the advanced Unix programming class. A partner and I built a network vulnerability scanner using the C programming lanuage similar to Nessus, which scans a host's ports, attempts to grab service banners to deduce service version/OS type, and automatically tests the vulnerability on the host.

Undergraduate Senior Project: Intrusion detection System

The project paper can be found here.

I set up and used the Snort intrusion detection system to monitor and compare traffic on a major university network against global traffic patterns observed from the Internet Storm Center. I was able to predict ports with service vulnerabilities in advance based on abnormal traffic patterns. Here is the presentation.