{"id":"https://openalex.org/W4414290413","doi":"https://doi.org/10.1145/3767322","title":"SrFTL: Leveraging Storage Semantics for Effective Ransomware Defense in Flash-based SSDs","display_name":"SrFTL: Leveraging Storage Semantics for Effective Ransomware Defense in Flash-based SSDs","publication_year":2025,"publication_date":"2025-09-17","ids":{"openalex":"https://openalex.org/W4414290413","doi":"https://doi.org/10.1145/3767322"},"language":"en","primary_location":{"id":"doi:10.1145/3767322","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3767322","pdf_url":null,"source":{"id":"https://openalex.org/S158124317","display_name":"ACM Transactions on Storage","issn_l":"1553-3077","issn":["1553-3077","1553-3093"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Storage","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042911476","display_name":"Zhu Wei-dong","orcid":"https://orcid.org/0000-0002-9812-6634"},"institutions":[{"id":"https://openalex.org/I19700959","display_name":"Florida International University","ror":"https://ror.org/02gz6gg07","country_code":"US","type":"education","lineage":["https://openalex.org/I19700959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Weidong Zhu","raw_affiliation_strings":["Knight Foundation School of Computing and Information Sciences, Florida International University","Knight Foundation School of Computing and Information Sciences, Florida International University, Miami, United States"],"raw_orcid":"https://orcid.org/0000-0002-9812-6634","affiliations":[{"raw_affiliation_string":"Knight Foundation School of Computing and Information Sciences, Florida International University","institution_ids":["https://openalex.org/I19700959"]},{"raw_affiliation_string":"Knight Foundation School of Computing and Information Sciences, Florida International University, Miami, United States","institution_ids":["https://openalex.org/I19700959"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112306377","display_name":"Grant Hernandez","orcid":"https://orcid.org/0000-0002-2093-6223"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Grant Hernandez","raw_affiliation_strings":["Department of Computer and Information Science and Engineering, University of Florida","Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States"],"raw_orcid":"https://orcid.org/0000-0002-2093-6223","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida","institution_ids":["https://openalex.org/I33213144"]},{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062232064","display_name":"Washington Garc\u00eda","orcid":null},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Washington Garcia","raw_affiliation_strings":["Department of Computer and Information Science and Engineering, University of Florida","Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States"],"raw_orcid":"https://orcid.org/0009-0007-2059-3420","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida","institution_ids":["https://openalex.org/I33213144"]},{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015662045","display_name":"Dave Tian","orcid":"https://orcid.org/0000-0002-7506-9593"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dave (Jing) Tian","raw_affiliation_strings":["Department of Computer Science, Purdue University","Department of Computer Science, Purdue University, West Lafayette, United States"],"raw_orcid":"https://orcid.org/0000-0002-7506-9593","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Purdue University","institution_ids":["https://openalex.org/I219193219"]},{"raw_affiliation_string":"Department of Computer Science, Purdue University, West Lafayette, United States","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085837723","display_name":"Sara Rampazzi","orcid":"https://orcid.org/0000-0002-3630-6269"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sara Rampazzi","raw_affiliation_strings":["Department of Computer and Information Science and Engineering, University of Florida","Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States"],"raw_orcid":"https://orcid.org/0000-0002-3630-6269","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida","institution_ids":["https://openalex.org/I33213144"]},{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States","institution_ids":["https://openalex.org/I33213144"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039485542","display_name":"Kevin Butler","orcid":"https://orcid.org/0000-0002-7498-4239"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin R. B. Butler","raw_affiliation_strings":["Department of Computer and Information Science and Engineering, University of Florida","Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States"],"raw_orcid":"https://orcid.org/0000-0002-7498-4239","affiliations":[{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida","institution_ids":["https://openalex.org/I33213144"]},{"raw_affiliation_string":"Department of Computer and Information Science and Engineering, University of Florida, Gainesville, United States","institution_ids":["https://openalex.org/I33213144"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.26969131,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"21","issue":"4","first_page":"1","last_page":"42"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.9553999900817871},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5182999968528748},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5074999928474426},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.376800000667572},{"id":"https://openalex.org/keywords/semantic-gap","display_name":"Semantic gap","score":0.36079999804496765},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.35580000281333923},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.3400999903678894},{"id":"https://openalex.org/keywords/file-system","display_name":"File system","score":0.3375000059604645},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.3203999996185303}],"concepts":[{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.9553999900817871},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8916000127792358},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5187000036239624},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5182999968528748},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5074999928474426},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.376800000667572},{"id":"https://openalex.org/C86034646","wikidata":"https://www.wikidata.org/wiki/Q474311","display_name":"Semantic gap","level":4,"score":0.36079999804496765},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.35580000281333923},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.3400999903678894},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.3375000059604645},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3203999996185303},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.31520000100135803},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.31290000677108765},{"id":"https://openalex.org/C194739806","wikidata":"https://www.wikidata.org/wiki/Q66221","display_name":"Computer data storage","level":2,"score":0.30979999899864197},{"id":"https://openalex.org/C529754248","wikidata":"https://www.wikidata.org/wiki/Q1054772","display_name":"Data recovery","level":2,"score":0.30979999899864197},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.3084999918937683},{"id":"https://openalex.org/C144745244","wikidata":"https://www.wikidata.org/wiki/Q4927286","display_name":"Blocking (statistics)","level":2,"score":0.3034999966621399},{"id":"https://openalex.org/C47487241","wikidata":"https://www.wikidata.org/wiki/Q5227230","display_name":"Data access","level":2,"score":0.30239999294281006},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.29660001397132874},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.2964000105857849},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.29440000653266907},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.289900004863739},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.27489998936653137},{"id":"https://openalex.org/C193519340","wikidata":"https://www.wikidata.org/wiki/Q891179","display_name":"Data loss","level":2,"score":0.2685999870300293},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.26260000467300415}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3767322","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3767322","pdf_url":null,"source":{"id":"https://openalex.org/S158124317","display_name":"ACM Transactions on Storage","issn_l":"1553-3077","issn":["1553-3077","1553-3093"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Storage","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W2147407897","https://openalex.org/W2340222647","https://openalex.org/W2558619741","https://openalex.org/W2734941459","https://openalex.org/W2794357950","https://openalex.org/W2799908179","https://openalex.org/W2898763157","https://openalex.org/W3025569699","https://openalex.org/W3044316786","https://openalex.org/W3124976739","https://openalex.org/W3160893346","https://openalex.org/W4205549781","https://openalex.org/W4210316006","https://openalex.org/W4226079134","https://openalex.org/W4230647758","https://openalex.org/W4231165118","https://openalex.org/W4231669931","https://openalex.org/W4236918553","https://openalex.org/W4246068409","https://openalex.org/W4248587610","https://openalex.org/W4251430302","https://openalex.org/W4252315992","https://openalex.org/W4385152093"],"related_works":[],"abstract_inverted_index":{"Ransomware":[0],"attacks":[1],"have":[2],"become":[3],"increasingly":[4],"frequent":[5],"and":[6,15,80,105,153,164,177,186,239,250],"high-profile,":[7],"resulting":[8],"in":[9,13,24,157],"billions":[10],"of":[11,35,82,124,204,227,252],"dollars":[12],"data":[14,60,83,99,108,111,154,166,221],"operational":[16],"losses":[17],"annually.":[18],"Current":[19],"mechanisms":[20,42],"typically":[21],"deploy":[22],"defenses":[23,144,156],"vulnerable":[25],"operating":[26],"systems,":[27],"making":[28],"them":[29],"susceptible":[30],"to":[31,55,58,140,243],"advanced":[32],"adversaries":[33],"capable":[34],"compromising":[36],"the":[37,78,119,129,133,146,158,233,237,248],"OS.":[38],"While":[39],"implementing":[40],"defense":[41,94,116],"within":[43,118,145],"storage":[44],"devices":[45],"can":[46],"address":[47],"this":[48],"vulnerability,":[49],"they":[50],"lack":[51],"detection":[52,104,162],"accuracy":[53,163],"due":[54],"their":[56],"inability":[57],"access":[59],"semantics,":[61],"such":[62],"as":[63],"file":[64,241],"system":[65],"metadata.":[66],"Moreover,":[67,195],"these":[68],"methods":[69],"only":[70],"expose":[71],"block-level":[72],"interfaces":[73],"without":[74],"file-level":[75,107],"information,":[76],"limiting":[77],"usability":[79],"practicality":[81],"recovery":[84,109,155,222],"management.":[85],"Therefore,":[86],"we":[87],"develop":[88],"SrFTL":[89,114,127,149,172,196,218,230],",":[90],"a":[91,137,200,208],"novel":[92],"ransomware":[93,103,143,151,184,216,245],"framework":[95],"that":[96,171],"allows":[97],"leveraging":[98],"semantics":[100],"for":[101],"accurate":[102],"effective":[106],"against":[110,213],"compromise.":[112],"Specifically,":[113],"employs":[115],"enforcement":[117],"flash":[120],"translation":[121],"layer":[122],"(FTL)":[123],"SSDs.":[125],"Then,":[126],"combines":[128],"secure":[130,138],"enclave":[131],"with":[132,207,223],"modified":[134],"FTL":[135,238],"through":[136],"channel":[139],"enable":[141],"flexible":[142],"enclave.":[147],"Finally,":[148,211],"deploys":[150],"classification":[152],"enclave,":[159],"providing":[160],"high":[161],"low-cost":[165],"recovery.":[167],"Our":[168],"evaluation":[169],"demonstrates":[170],"achieves":[173],"zero":[174],"false":[175],"positives":[176],"negatives":[178],"when":[179],"detecting":[180],"our":[181],"collected":[182],"real-world":[183,215],"samples":[185],"benign":[187],"applications,":[188],"outperforming":[189],"current":[190],"FTL-level":[191],"solutions":[192],"(e.g.,":[193],"MimosaFTL).":[194],"introduces":[197],"on":[198],"average":[199,225],"trivial":[201],"performance":[202],"overhead":[203],"1.5%":[205],"compared":[206],"regular":[209],"SSD.":[210],"evaluating":[212],"multiple":[214],"samples,":[217],"enables":[219],"fast":[220],"an":[224],"time":[226],"9.3":[228],"seconds.":[229],"thus":[231],"bridges":[232],"semantic":[234],"gap":[235],"between":[236],"OS-level":[240],"information":[242],"stop":[244],"while":[246],"maintaining":[247],"integrity":[249],"authenticity":[251],"employed":[253],"defenses.":[254]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
