tech-security archive


[GSoC 2013] Implement file system flags to scrub data blocks before deletion



I apologize for unconsciously mailing the previous message in HTML.
In the meantime I also decided to change things a little bit and move to
google-melange, though for now I will just post the previous mail.

Regards,

Przemyslaw Sierocinski



>Hello,

I am a second year computer science student from University of Wroclaw
interested in GSoC 2013. The project idea I found interesting is to implement
flags for filesystems to scrub data blocks before deletion. Below is a draft
of my application. I am seeking any sort of hints. Help with the following
paragraph would be especially appreciated.

===============================================================================
1. About the project.
===============================================================================

The idea is described here [1].
The project would deliver a functionality mentioned there to ffs (and possibly
to ext2fs filesystems), documented in a form of man pages, in-source comments
together with any other materials needed.

Plan of works:
(1) To begin with, target ffs:
    a) make filesystem write zeroes to blocks when needed
       * modify /src/sys/ufs/ffs/:
         - to include new flags
         - to implement block scrubbing
    b) write a custom binary for (2)mount
    c) test with the vnode disc driver
    d) make some notes to be later turned into man pages etc.
(2) Find out best ways to generate big amounts of pseudo-random garbage
    in a fast and economic way:
    a) find a proper place for seeding without wasting kernel's entropy pool
       too much
    b) implement various block scrubbing algorithms and test them against [3]
    c) test with vnd and a regular partition, compare performance of scrubbers
    d) implement a multi-pass block scrubbing option
    e) sum up the notes.
(3) Redo (1) and (2) except for ext2fs.
(4) Modify mount utilities (/src/sbin) and other userspace
    binaries (/src/lib/libc):
    a) decide how to handle situations in which scrubbing is somewhat
       deprecated
    b) work on man pages, finish any additional notes
(5) In case of an early finish, choose another filesystem.

The above can be divided into weeks to produce a schedule.
Points might be elaborated further.

Software with similar capabilities obviously exists.
However, solutions I can think of (shred, wipe, scrub) are userland programs
and work under GPL license, and so the sources cannot be reused.

[1] http://wiki.netbsd.org/projects/project/fs_scrub_flags/

===============================================================================
2. The project and NetBSD.
===============================================================================

I had used NetBSD on a Jornada 720 handheld computer before and I have
just installed the new 6.0 version in a VM. I have also downloaded the sources
and started reading through code related to the project. It certainly would
involve modifications in /sys/ufs/, as well as additions to /sys/crypto/
(I might be wrong here) and userland mount wrappers and libraries
(/sbin/, /lib/libc), maybe more (filesystems supported by modules).
To be honest, I have little to no experience with these specific interfaces.
Further elaboration on this project might acquire a degree of familiarity with
hardware but for a start knowledge of basic principles is sufficient here.
Choosing the right method for generating or retrieving random data inside
the kernel implies some theoretical (and practical) investigation, although
adopting that knowledge is within my reach. I do not plan testing that would
involve any specific hardware.

===============================================================================
2. About myself.
===============================================================================

Ever since I have used C as my main programming language, even though I tried
many others (C++, Ruby, Haskell, Bash, x86 asm, ...). Samples of my work might
be found on GitHub [1][2][3]. One of the projects I enjoyed most was writing an
exploit [4] for a sample program that would evade ASLR and lead to code
execution (Linux). Operating systems security is my area of interest, therefore
I would be delighted to do that project. On top of that, I consider myself
a reliable and eager to learn person. As for work hours, I can easily manage for
40 hours a week (if need be), as I haven't planned anything for the summer yet.

[1] https://github.com/psie/Linux/tree/master/OS_set2
[2] https://github.com/psie/ADS
[3] https://github.com/psie/256b_intro
[4] https://github.com/psie/Linux/blob/master/format%20string%20PoC/fs.rb


I am looking forward to feedback.
Thank you.

Regards,

Przemyslaw Sierocinski

