Often Overlooked Security Implications of Data Corruption

Posted by: Thom Denholm

Data corruption happens when the media or the file system fails in some way. Bad as that is, developers may not have considered the security implications of such corruption: data that was erased, or that belongs to another file, could be revealed, a decidedly insecure situation!

On the media, the file system uses some blocks to point to other blocks that contain user data; these pointer blocks are known as metadata. They may hold file name and folder information, or be indirect blocks that point to further data blocks belonging to a file. When a metadata block becomes corrupted (often through a data integrity problem or a power interruption), any I/O on the blocks it points to could instead be performed on unexpected blocks on the media. Both reading and overwriting secure data are potential major problems.

Using a cyclic redundancy check (CRC) on the metadata is important: it validates the internal consistency of these blocks before they are used to perform further I/O. A variety of CRC implementations are available, including table-driven ones that use more memory to improve lookup speed.

One problem we have encountered that defeats even CRC protection is stale blocks: valid data and a valid CRC are written to the media, but a subsequent read returns earlier data that was itself perfectly valid when it was written. If this is a metadata block (one pointing to other blocks), it leads to the same problems outlined above.

The solution to this problem is to use hierarchical CRCs, a technique also known as Merkle trees. The parent block records the CRC of each child it points to, so a child block is protected by its own CRC AND by its consistency with the parent. A block read must therefore be both valid AND current to pass this test, which greatly reduces the potential for security failures.
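To show why the stale-block case above slips past a flat CRC and is caught by a hierarchical one, here is a small simulation in C. It is an added example, not Reliance Nitro code or anything from the original post: the block layout, the CRC-32 variant, the constructed "media" with two versions of the same child block, and the function names are all assumptions made for illustration. The parent's reference to the child (the CRC it expects the child to carry) is the only extra state the hierarchical check needs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_DATA_BYTES 16

/* One metadata block as stored on the media: payload plus its own CRC.
 * (Hypothetical layout for this example.) */
typedef struct {
    uint8_t  data[BLOCK_DATA_BYTES];
    uint32_t crc;                 /* CRC-32 of data[] */
} block_t;

/* The parent's record of a child: where it lives and which CRC it must carry.
 * A real parent is itself a CRC-protected block, chained up to a root. */
typedef struct {
    unsigned child_index;
    uint32_t child_crc;
} child_ref_t;

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, init and final xor 0xFFFFFFFF).
 * A table-driven version trades a 1 KiB lookup table for speed. */
uint32_t crc32_bitwise(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Write a payload into a block and seal it with its CRC. */
void block_write(block_t *b, const char *payload)
{
    size_t n = strlen(payload);
    if (n > sizeof b->data) n = sizeof b->data;
    memset(b->data, 0, sizeof b->data);
    memcpy(b->data, payload, n);
    b->crc = crc32_bitwise(b->data, sizeof b->data);
}

/* Flat check: the block is internally consistent. A stale block passes. */
int block_self_valid(const block_t *b)
{
    return crc32_bitwise(b->data, sizeof b->data) == b->crc;
}

/* Hierarchical check: internally consistent AND carrying the CRC the parent
 * recorded at the last write. A stale block passes the first test only. */
int block_hier_valid(const block_t *b, const child_ref_t *ref)
{
    return block_self_valid(b) && b->crc == ref->child_crc;
}

/* Constructed scenario: child block 7 is written twice and the parent is
 * updated after each write, then the media returns the older version. */
int stale_read_scenario(int *flat_accepts, int *hier_accepts)
{
    block_t versions[2];
    child_ref_t parent_ref = { 7, 0 };

    block_write(&versions[0], "ptr blk 100-107");   /* first write */
    parent_ref.child_crc = versions[0].crc;
    block_write(&versions[1], "ptr blk 200-207");   /* later rewrite */
    parent_ref.child_crc = versions[1].crc;

    const block_t *read_back = &versions[0];        /* stale read */

    *flat_accepts = block_self_valid(read_back);
    *hier_accepts = block_hier_valid(read_back, &parent_ref);
    return 0;
}

int main(void)
{
    int flat, hier;
    stale_read_scenario(&flat, &hier);
    printf("flat CRC accepts stale block: %d\n", flat);   /* 1 */
    printf("hierarchical CRC accepts it:  %d\n", hier);   /* 0 */
    return 0;
}
```

The stale block is rejected without any timestamp or sequence number: the parent's stored CRC changes on every rewrite of the child, so the only copy that can satisfy the parent is the one written last.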

Finally, user data corruption is also a potential problem. Documents and images often include a header that contains (among other things) the amount of data in the file. If the program that opens such a file believes the corrupt header value instead of the length reported by the file system, it may read past the end of the file and into unallocated (and potentially secure) media, and those data fragments would be displayed as part of the file.
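The header-versus-file-system disagreement above, reduced to two readers in C. This is an added example, not code from the post or from any real file format: the 4-byte length header, the constructed media image (a 9-byte file followed by leftover bytes from an earlier file), and the function names are assumptions made for illustration. The file system's size is treated as the authority, and a header that claims more is reported as corruption rather than read through.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HDR_BYTES 4   /* hypothetical format: 4-byte little-endian payload length */

/* What the file system knows: the file's allocated bytes, which happen to be
 * followed on the media by whatever was there before. */
typedef struct {
    const uint8_t *media;     /* start of the file's first block */
    size_t         fs_size;   /* file length according to the file system */
} fs_file_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Naive reader: trusts the in-file header. A corrupt length field walks past
 * fs_size into unallocated media. out_cap only keeps the demo inside its own
 * buffer; it is not a fix. Returns the number of bytes copied. */
size_t read_payload_trusting_header(const fs_file_t *f, uint8_t *out, size_t out_cap)
{
    size_t claimed = read_le32(f->media);
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, f->media + HDR_BYTES, claimed);
    return claimed;
}

/* Hardened reader: the file system's length bounds every read. A header that
 * claims more than the file holds is corruption, not data. Returns 0 on
 * success, -1 on a corrupt or truncated file. */
int read_payload_checked(const fs_file_t *f, uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (f->fs_size < HDR_BYTES) return -1;          /* too short to hold a header */
    size_t claimed   = read_le32(f->media);
    size_t available = f->fs_size - HDR_BYTES;
    if (claimed > available) return -1;              /* header disagrees with file system */
    if (claimed > out_cap) return -1;                /* caller's buffer too small */
    memcpy(out, f->media + HDR_BYTES, claimed);
    *out_len = claimed;
    return 0;
}

/* Constructed media image: header claims 12 payload bytes, but the file
 * system allocated only 9 bytes in total (4 header + "hello"). */
static const uint8_t MEDIA_CORRUPT[] = {
    12, 0, 0, 0,                    /* corrupt header */
    'h', 'e', 'l', 'l', 'o',        /* the file's real payload */
    'S', 'E', 'C', 'R', 'E', 'T', '!' /* unallocated: remains of a deleted file */
};
/* Same media with a header that matches the allocation. */
static const uint8_t MEDIA_OK[] = {
    5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o', 'S', 'E', 'C', 'R', 'E', 'T', '!'
};

const fs_file_t FILE_CORRUPT = { MEDIA_CORRUPT, 9 };
const fs_file_t FILE_OK      = { MEDIA_OK, 9 };

int main(void)
{
    uint8_t buf[32];
    size_t n = read_payload_trusting_header(&FILE_CORRUPT, buf, sizeof buf);
    printf("naive reader shows %zu bytes: %.*s\n", n, (int)n, buf);   /* helloSECRET! */

    size_t len = 0;
    int rc = read_payload_checked(&FILE_CORRUPT, buf, sizeof buf, &len);
    printf("checked reader on corrupt file: rc=%d\n", rc);             /* -1 */
    rc = read_payload_checked(&FILE_OK, buf, sizeof buf, &len);
    printf("checked reader on good file: rc=%d, %zu bytes\n", rc, len); /* 0, 5 */
    return 0;
}
```

The same rule applies to any length, offset or count taken from file contents: clamp or reject it against what the file system reports before issuing the read.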

With malicious attacks already causing security problems, there is no reason to exacerbate the issue. Make sure your file system and applications are keeping you safe from corruption as well.

Learn more about Reliance Nitro
