s4.ps -  "Self-Securing Storage:  Protecting Data in Compromised Systems"
       by John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, 
          Craig A.N. Soules, Gregory R. Ganger,
       Carnegie Mellon University.  October 2000.  15 pp.

Describes a server, S4, that protects operating systems from hostile 
manipulation by keeping copies of modified files for a time, allowing
system administrators to notice the change and repair.

Abstract

"Self-securing storage prevents intruders from undtectably tampering
with or permanently deleting stored data.  To accomplish this, self-
securing storage devices internally audit all requests and keep old
versions of data for a window of time, regardless of the commands 
received from potentially compromised host operating systems.  Within
the window, system administrators have this valuable information for
intrusion diagnosis and recovery.  Our implementation, called S4,
combines log-structuring with journal-based metadata to minimize 
the performance costs of comprehensive versioning.  Experiments show
that self-securing storage devices can deliver performance that is
comparable with conventional storage systems.  In addition, analyses
indicate that several weeks worth of all versions can be reasonably
kept on state-of-the-art disks, especially when differencing and
compression technologies are employed."