Paper Title: A Certification Program for Sanitizing SSDs

Paper Abstract: User data must be removed entirely from SSDs before they are discarded or reused. Failure to do so can lead to serious security or privacy violations. However, there are no standards for such removal (usually called “sanitization”), so there is no guarantee that it has been done properly and risk has been minimized. Several companies have recently launched an initiative to develop a certification program for sanitization of SSDs. The goal is to develop a compliance testing standard similar to the NIST Cryptographic Module Validation Program. Progress has been made in reaching that goal, and more participation in the development is welcome.

Paper Author: Paul Suhler, Storage Architect, Micron Technology

Author Bio: Paul Suhler is a storage architect in SSD engineering at Micron Technology, where he is responsible for NVMe interfaces and for educating internal teams as well as customers. He is Micron's primary representative to the NVMe Technical Work Group to which he has contributed many proposals. He is also active in the SFF Technical Work Group, having chaired working groups on the U.3 specification, Ethernet drive connectors, and Ethernet speed negotiation. He has worked in the data storage industry for over twenty years at companies including HGST, Quantum, Seagate, and Adaptec. He has also been a member of the research faculty at the University of Southern California. He received the INCITS Technical Excellence Award, and is a Senior Member of IEEE. He holds a PhD and BS in computer engineering from the University of Texas at Austin, and an MS in computer engineering from the University of California, Berkeley. He is the author of papers and journal articles on parallel computing.