From owner-freebsd-security Fri Jun 25 12: 3:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 8DF9E14E62 for ; Fri, 25 Jun 1999 12:03:24 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id PAA19170; Fri, 25 Jun 1999 15:03:03 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Fri, 25 Jun 1999 15:03:03 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Jason Young Cc: cjclark@home.com, freebsd-security@FreeBSD.ORG Subject: Re: Secure Deletion In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On a related noted, Ross Anderson and others wrote a paper on steganographic file systems http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/sfs3.ps.gz That is, file systems intended to hide even the presence of files if the user is not authorized, cryptographically. Ross has suggested I port the linux code to FreeBSD while I'm at Cambridge for the next few weeks. Given the backlog of Posix.1e stuff, I may not get around to it, but it's an interesting concept. It does bring up the issue of meta-data, however. Probably, disk sectors should be marked as needing real wiping, and inodes + directory entries need to be similarly treated after file deletion. (this in FreeBSD-land again, not the SFS). Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ Safeport Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message