DIGITAL LIFE

A retention-aware system turns a computer's storage chip into a cybersecurity shield

Hackers are ruthless. They can take control of your computer, delete files and disappear without a trace. However, FIU cybersecurity researcher Weidong Zhu has discovered a way to transform a computer's storage chip into an additional tool for cyber defense. Working with collaborators at the University of Florida, Zhu created a system that makes data on these chips last longer—extending the lifespan of your files in the critical window after your computer is compromised. The work is published in the journal Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security.

"Our system extends recoverable data history up to 126 days," said Zhu, an assistant professor at FIU's Knight Foundation School of Computing & Information Sciences whose work is part of the Center for Integrated Security, Privacy, and Trustworthy AI (CIERTA). "Even if your computer is infected, your data can survive on your drive."

Storage chips, known as solid-state drives (SSDs), have intrigued cybersecurity researchers for years. As hardware—not software—they offer unique safety benefits during an attack.

"Think of it like a vault inside a bank," Zhu said. "The bank [operating system] might get robbed, but if the vault [SSD controller] has its own independent lock and its own security guard, the robbers can't crack it just because they got past the front door."

However, turning that security potential into real-world value has proven difficult.

Repurposing a solid-state drive to do both defense and storage is tricky. Defense improvements can burden the SSDs, slowing them down and reducing performance. Without solving that problem, the chips aren't practical for cybersecurity.

"This is the problem we have solved, helping to clear the way for storage devices to become a major asset in the fight against hackers," Zhu said.

Current SSDs blindly perform what engineers call "garbage collection": They have no awareness of when data has been deleted, making them poor custodians of the files most likely to have been targeted in an attack.

To understand why that matters, think of the data on your computer as living across different worlds.

In the first world lives everything you use: your documents, your photos, your apps. Then, there's a world of oblivion: data there is gone forever, overwritten at the hardware level, irrecoverable by anyone.

But there is a second world in between the two. Call it the In-Between (Stranger Things fans, this one's for you): a kind of purgatory where files go after you delete them, but before the chip permanently erases them to free up space. Here, your deleted files aren't quite gone. They've lost their names and file types to conserve room on the chip, but they still exist in fragments.

This is the world that fascinates Zhu. If an attacker deletes or encrypts your files, you could reach into the In-Between and pull your data back out before it disappears forever. The problem is that today's SSDs manage the In-Between carelessly.

When the chip fills up past a certain threshold, it clears out deleted data to make room for new files. But it makes that decision based on efficiency alone: which data looks the most fragmented, and which takes up the most space. It has no awareness of how recently files were deleted.

That is a serious problem if your computer has just suffered a ransomware attack. The files you most urgently need to recover—the ones deleted yesterday, or an hour ago—could be swept away first, while unimportant files that have been sitting untouched for weeks survive.

Zhu's system fixes this. By sequencing deleted data chronologically as it enters the chip so its position reflects its age, the SSD gains the ability to identify which files have been sitting in the In-Between the longest. The new rule for garbage collection becomes simple: the oldest deleted data goes first. More recently deleted files that are the most likely to matter stay protected as long as possible.

The research shows that the approach improves the data protection window by at least 60% while introducing minimal performance overhead. In other words, the system makes SSDs practical for both defense and storage.

Today, Zhu is in talks with industry leaders on how to implement the system at scale.

"Hackers are powerful. But the storage device itself can be the last line of defense for your data. This is a new area, and we are just beginning," Zhu says.

A retention-aware system is a breakthrough cybersecurity approach that transforms standard SSDs into ransomware shields. By chronologically sequencing deleted data as it enters the drive, the system ensures that when hackers overwrite files, unimportant data is deleted first. This protects your recently deleted, critical files and improves data protection windows by over 60%

How the system rotects your data...This approach tackles a major flaw in traditional solid-state drives: they usually have no awareness of how recently files were deleted, making recovering files from a ransomware attack difficult.

Chronological sequencing: The system structures deleted data based on its exact age.Intelligent 

Garbage collection: When the SSD needs to clear space, it follows a new rule: the oldest deleted data goes first.

Protection window: More recently deleted files—which are exactly the ones you desperately need to recover after an attack—are left protected for as long as possible.

Key hardware & storage security innovations...Hardware manufacturers and researchers are continuously introducing native storage-level defenses to make hardware the ultimate line of defense against modern threats:

Hardware-based ransomware defenses: Innovative architecture natively logs data transactions within the drive pipeline, preventing attackers from tampering with logs or obfuscating file changes at the OS level.

Active physical shielding: Storage chips (like embedded FerriSSDs) use hidden eFuses and physical anti-tamper shields that trigger emergency rapid-erase sequences if hardware interference or physical tampering is detected.

Real-time encryption: Self-encrypting drives (SEDs) use processors to automatically encrypt data at the hardware level, keeping data secure at rest before the host operating system even gets involved.

Provided by Florida International University