Chapter Fifteen. Sanitization and Usability


Simson Garfinkel

DELETION POSES A FUNDAMENTAL QUANDARY TO SECURE USABILITY. On the one hand, users would like to be able to undo their mistakes: to undelete files after they have been deleted accidentally. On the other hand, users would like to know that sensitive data is actually removed from a disk when they delete it, removed so that it cannot be recovered by an adversary.

Anybody who has a paper shredder lives with this quandary. If you get one of those preapproved credit card offers in the mail and you don't need it, you can always just throw it into a recycling bin. If you change your mind and decide that the 0% introductory rate might help you finance a new laptop, you can always pull the offer out of the bin and fill it out. Of course, these preapproved offers can also be used by crooks in the commission of identity theft: if you are really sure that you don't want to take out that new credit card, you're better off shredding the offer and perhaps even the envelope in which it came. The best paper shredders make it easy for you to inspect the chad to make sure that the information is no longer intelligible. Some companies that care about their data security let their employees throw whatever documents they wish into recycling, but the paper is then shredded before it is given to a waste hauler.

Today's computers frequently use the metaphors of folders, files, recyclers, and paper shredders to describe how information is stored and erased, but few actually work the way that these metaphors imply. In fact, they work in a way that is perverse and truly anti-user: when a file is deleted (perhaps by putting it in the Windows Recycle Bin and then emptying the recycler), normal users can no longer recover the contents of their files, but specialists armed with special forensic tools frequently can. Simply put, the DELETE key lies.

Nobody set out to make delete a deceitful act; it just sort of happened. And it's something that can be undone. If computers were programmed to simply overwrite data when that data was "deleted," a process commonly called sanitization, this problem would not exist. But changing the behavior of a function that's nearly 40 years old can be hard work.
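The two preceding paragraphs describe the gap between what the directory tells the user and what is still on the medium. The following simulation, added here as an illustration (it is not code from the chapter or from any real operating system), models a disk as a flat array of blocks plus a directory: an ordinary delete only drops the directory entry, while a sanitizing delete overwrites the blocks first. `ToyDisk`, `compare_delete_strategies` and the block size are constructed for the demo. One caveat a practitioner should keep in mind: on real systems, overwriting in place is not a reliable sanitizer on copy-on-write or journaling filesystems, or on flash media whose controller remaps writes, because the old copy may survive elsewhere on the medium.

```python
"""Toy block store showing why an ordinary DELETE leaves data recoverable and
how a sanitizing delete (overwrite before free) removes it.  Added illustration:
a simulation of filesystem behaviour, not code from the chapter or any real OS."""

BLOCK_SIZE = 16  # constructed: tiny blocks keep the demo readable


class ToyDisk:
    """Flat array of fixed-size blocks plus a directory of name -> (length, blocks).

    The directory plays the role of filesystem metadata (what the OS consults);
    the block array plays the role of the raw medium a forensic tool reads.
    """

    def __init__(self, n_blocks: int) -> None:
        self.blocks = bytearray(n_blocks * BLOCK_SIZE)
        self.free = list(range(n_blocks))
        self.directory: dict[str, tuple[int, list[int]]] = {}

    def write_file(self, name: str, data: bytes) -> None:
        needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = b * BLOCK_SIZE
            self.blocks[start:start + len(chunk)] = chunk
        self.directory[name] = (len(data), blocks)

    def read_file(self, name: str) -> bytes:
        length, blocks = self.directory[name]
        raw = b"".join(
            bytes(self.blocks[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE]) for b in blocks
        )
        return raw[:length]

    def delete(self, name: str) -> None:
        """Ordinary delete: forget the name, mark the blocks free, leave the bytes."""
        _, blocks = self.directory.pop(name)
        self.free.extend(blocks)

    def sanitize(self, name: str) -> None:
        """Sanitizing delete: overwrite every block of the file before freeing it."""
        _, blocks = self.directory.pop(name)
        for b in blocks:
            self.blocks[b * BLOCK_SIZE:(b + 1) * BLOCK_SIZE] = bytes(BLOCK_SIZE)
        self.free.extend(blocks)

    def raw_contains(self, needle: bytes) -> bool:
        """What a forensic tool does: scan the raw medium, ignoring the directory."""
        return needle in self.blocks


def compare_delete_strategies(secret: bytes) -> dict:
    """Delete the same secret two ways and report whether a raw scan still finds it."""
    ordinary = ToyDisk(8)
    ordinary.write_file("taxes.txt", secret)
    ordinary.delete("taxes.txt")

    sanitized = ToyDisk(8)
    sanitized.write_file("taxes.txt", secret)
    sanitized.sanitize("taxes.txt")

    return {
        "visible_to_user_after_delete": "taxes.txt" in ordinary.directory,
        "recoverable_after_delete": ordinary.raw_contains(secret),
        "recoverable_after_sanitize": sanitized.raw_contains(secret),
    }


if __name__ == "__main__":
    sample = b"SSN 123-45-6789 (constructed sample)"
    for key, value in compare_delete_strategies(sample).items():
        print(f"{key}: {value}")
```

Running the script shows the user-visible view (the name is gone) diverging from the medium-level view (the bytes are still there) after an ordinary delete, and the two views agreeing again only after `sanitize`, which is the behaviour the chapter argues DELETE should have by default.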

This chapter addresses the question of sanitization and usability. My argument, based on an analysis of operating systems and the results of a data forensics investigation, is that the time has come to redesign the way that operating systems implement DELETE.

Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295