Alohomora: Protecting files from ransomware attacks using fine-grained i/o whitelisting

Abstract

© 2022 ACM.We propose a novel whitelist-based anti-ransomware solution called alohomora. Alohomora is based on our observation that an I/O activity of an application can be an effective abstraction level for managing I/O whitelisting. In alohomora, when a write request is sent to an SSD, its program context value (which is supported by a host CPU register) is passed to the SSD. The SSD checks if the request was pre-approved using the program context value, thus preventing ransomware from modifying files in the SSD. Our experimental results using a prototype alohomora system show that alohomora can achieve a strong security level against sophisticated ransomware attacks without degrading I/O performance.