Michael J. May, Etamar Laron, Khalid Zoabi, and Havah Gerhardt. 2019. On the Lifecycle of the File. ACM Transactions on Storage; Vol 15 Issue 1, Article 1 (February 2019), 45 pages. New York, NY USA. DOI: https://doi.org/10.1145/3295463
Michael J. May, Etamar Laron. 2019. Combating Ransomware Using Content Analysis and Complex File Events. IEEE, IFIP International Conference on New Technologies, Security and Mobility (June 2019), 8 pages. New York, NY USA.
Users and OSs have vastly different views of files. OSs use files to persist data and structured information. To accomplish this, OSs treat files as named collections of bytes managed in hierarchical file systems. Despite the file's critical role in computing, little attention is paid to the lifecycle of the file, the evolution of its contents, or the evolution of file metadata. In contrast, users have rich mental models of files: they group files into projects, send data repositories to others, work on documents over time, and stash them aside for future use.
Current OSs and Revision Control Systems ignore such mental models, persisting a selective, manually designated history of revisions. Preserving the mental model allows applications to better match how users view their files, making file processing and archiving tools more effective. We propose two mechanisms OSs can adopt to better preserve the mental model: File Lifecycle Events (FLEs) that record a file’s progression and Complex File Events (CFEs) that combine them into meaningful patterns. We present CoFEE, an engine that uses filesystem monitoring and an extensible rulebase to detect FLEs and convert them into complex ones. CFEs are persisted in NoSQL stores for later querying.
Crypto-ransomware is a class of programs that encrypt files and demand payment for the resumption of use. A common tactic to combat ransomware is file monitoring for suspicious modifications and recovery from (automatically maintained) backups. We offer two techniques to improve the state of the art: the consideration of the file lifecycle and the use of content analysis.