Preventing attacks on protection storage using delete restriction

US12153495B2 · US · B2

Patent metadata

Publication number: US-12153495-B2
Application number: US-202217867655-A
Country: US
Kind code: B2
Filing date: Jul 18, 2022
Priority date: Jul 18, 2022
Publication date: Nov 26, 2024
Grant date: Nov 26, 2024

Abstract

Embodiments are described for preventing undesired data deletion on protection storage by using delete restrictions. A delete restriction component prevents data from being staged for permanent erasure, such as by preventing files from being moved to a trash folder. A well-known process (WKP), such as a backup or migration operation that is known to request data expiration, is used to validate data deletions. The WKP identifies data that is no longer to be retained. The WKP uses a well-known process expiration list (WEL) that holds hashes of the data. A bucket confirmation count indicates candidates for data deletion. Separately, Garbage Collection maintains another list of hashes that are deletion candidates. A separate process finds common hashes between the WKP and GC hashes, and then removes the data pointed to by the common hashes.

First claim

What is claimed is:

1. A computer-implemented method of preventing unwanted deletion of data in a system, comprising: identifying, by a well-known process (WKP) data that no longer needs to be retained by an application program; maintaining, by the WKP, a WKP expiration list (WEL) having a set of timestamps and a list of buckets, wherein each bucket contains hashes of data elements marked as expired; iteratively adding hashes to each bucket upon successive invocations of the WKP in the system; re-confirming, by the WKP, that hashes in each bucket are still considered to be expired after a defined number of invocations of the WKP; and marking re-confirmed hashes for ultimate deletion by the system.

2. The method of claim 1 wherein the identifying step identifies a data element that is no longer used by a data asset of the system, and that has expired based on a controlling policy, wherein data expiration comprises at least one of: data subject to a deletion operation, data older than a defined age threshold, data marked as corrupted, and data overwritten by newer data.

3. The method of claim 2 wherein the WKP comprises a backup or migration operation.

4. The method of claim 1 wherein the controlling policy comprises a backup policy identifying data to be backed up or moved from local storage to secondary storage at a defined time period based on at least one of: data source, data type, and data age.

5. The method of claim 1 further comprising adding a corresponding timestamp to the WEL each time the WKP is executed and identifies an expired data element.

6. The method of claim 5 wherein a number of timestamps per bucket list comprises a confirmation count for a respective bucket.

7. The method of claim 6 wherein the re-confirming step comprises confirming that hashes in a bucket have been confirmed a minimum number of times for deletion, and marking re-confirmed hashes in a respective bucket as candidates for data deletion.

8. The method of claim 7 further comprising listing, in a data delete confirmed list (DDCL), the hashes marked as candidates for data deletion by a data operation such as backup performed by the system.

9. The method of claim 8 further comprising removing oldest timestamp and oldest bucket of hashes marked as candidates for data deletion in the DDCL from the WEL.

10. The method of claim 9 further comprising prohibiting alteration of a confirmation count in the WEL once the WEL is created, so as to prevent attacks or unwanted changes to the confirmation count.

11. A computer-implemented method of preventing unwanted deletion of data in a system, comprising: facilitating execution of an application program; identifying, by a well-known process (WKP) data that no longer needs to be retained by the application program; first maintaining a WKP expiration list (WEL) having timestamps of expiration and corresponding hashes of expired data elements; second maintaining a Data Delete Confirmed List (DDCL) storing hashes marked as candidates for data deletion in a garbage collection operation performed by the system; third maintaining a single Garbage Collection List (GCL) by a Garbage Collection (GC) process listing hashes and associated timestamps from the DDCL; and permanently deleting data for the hashes listed in the GCL upon execution of a next GC operation.

12. The method of claim 11 wherein a valid application comprises a computer application provided by a valid vendor and that operates on a hash-based system that does not remove data based on a single delete request, but instead permanently deletes data in a separate operation.

13. The method of claim 11 further comprising finding data hashes that exist in both the DDCL and the GCL to identify data for permanent deletion, by merging, in a first phase of deletion, a list that merges the hashes in the DDCL and GCL.

14. The method of claim 13 wherein hashes that exist in both the DDCL and GCL represent data that is deemed unnecessary by the GC process and has confirmed by a WKP data expiration process.

15. The method of claim 14 wherein the WKP comprises a backup or migration operation, and wherein the data expiration process is triggered regularly during backup in a data protection system according to a defined schedule.

16. The method of claim 15 wherein the data expiration involves a data element that is no longer used by a data asset of the system, and that has expired based on a controlling policy, wherein data expiration comprises at least one of: data subject to a deletion operation, data older than a defined age threshold, data marked as corrupted, and data overwritten by newer data, and further wherein the controlling policy comprises a backup policy identifying data to be backed up or moved from local storage to secondary storage at a defined time period based on at least one of: data source, data type, and data age.

17. The method of claim 11 further comprising: storing the timestamps of expiration and corresponding hashes of expired data elements in separate buckets of the WEL; and maintaining a confirmation count for each bucket, wherein the confirmation count iteratively counts a number of times a hash in a bucket is marked for deletion upon each invocation of the WKP.

18. The method of claim 17 further comprising removing oldest timestamps for corresponding hashes marked as candidates for data deletion in the DDCL from the WEL.

19. A computer-implemented method of preventing unwanted deletion of data in a system, comprising: facilitating execution of an application program; identifying, by a well-known process (WKP) data that no longer needs to be retained by the application program; first maintaining a WKP expiration list (WEL) having timestamps of expiration and corresponding hashes of expired data elements; second maintaining a Data Delete Confirmed List (DDCL) storing hashes marked as candidates for data deletion in a garbage collection operation performed by the system; third maintaining a single Garbage Collection List (GCL) by a Garbage Collection (GC) process listing hashes and associated timestamps from the DDCL; and moving, by the GC process, data for the hashes listed in the DDCL to the GCL upon execution of a next GC operation, instead of deleting said data.
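A simplified model of the confirmation flow in the abstract and in claims 1, 7 to 10 and 13, added here as an illustration; it is not code from the patent or from any product. The names `ExpirationList`, `record_invocation` and `purge`, the string hashes, and the rule that a hash is "re-confirmed" only if it appears in every bucket of the window are assumptions.

```python
from collections import deque


class ExpirationList:
    """Simplified WEL: one (timestamp, bucket of hashes) entry per WKP run."""

    def __init__(self, required_confirmations):
        if required_confirmations < 1:
            raise ValueError("at least one confirmation is required")
        self._required = required_confirmations  # fixed when the WEL is created
        self._entries = deque()                  # oldest entry on the left
        self.ddcl = set()                        # Data Delete Confirmed List

    @property
    def required_confirmations(self):
        # Exposed read-only: no setter, so callers cannot lower the count.
        return self._required

    def record_invocation(self, timestamp, expired_hashes):
        """Add one WKP run; return hashes newly confirmed for deletion."""
        self._entries.append((timestamp, frozenset(expired_hashes)))
        if len(self._entries) < self._required:
            return set()
        buckets = [bucket for _, bucket in self._entries]
        # Assumption: "re-confirmed" means present in every bucket of the window.
        confirmed = set(buckets[0]).intersection(*buckets[1:])
        self.ddcl |= confirmed
        self._entries.popleft()  # drop the oldest timestamp and bucket
        return confirmed


def purge(store, ddcl, gcl):
    """Delete only hashes that both the WKP (DDCL) and GC (GCL) agree on."""
    doomed = ddcl & gcl
    for h in doomed:
        store.pop(h, None)
    return doomed


def run_demo():
    # Constructed sample data: short strings stand in for real content hashes.
    store = {h: b"chunk" for h in ("h1", "h2", "h3", "h4")}
    wel = ExpirationList(required_confirmations=3)
    wel.record_invocation(1, {"h1", "h2"})
    wel.record_invocation(2, {"h1", "h2"})
    wel.record_invocation(3, {"h1"})   # h2 is no longer reported as expired
    gcl = {"h1", "h3"}                 # h3 reached GC with no WKP expiration
    deleted = purge(store, wel.ddcl, gcl)
    return deleted, set(store)
```

In the demo, `h3` survives even though garbage collection lists it, because no WKP run ever confirmed it as expired; a delete request that bypasses the backup or migration process cannot reach permanent erasure in this model.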

Classifications

  • Backup scheduling policy
  • by selection of backup contents
  • using de-duplication of the data

Frequently asked questions

Who is the assignee on this patent?
Dell Products Lp
What technology area does this patent fall under?
Primary CPC classification G06F11/1461. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 26, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).