In modern operating systems, when a process terminates, the data still remain in the memory for an uncertain time. In addition, encryption is insufficient because the keys may be leaked through some compulsory means. In this paper, we present a novel OS-level approach called DATAEvictor, which thoroughly and timely evicts the sensitive data not only in the user stack, heap, kernel stack, but also in page cache, kernel buffer, slab objects and virtual memory swap when the process terminates. It aims to cut short the lifetime of sensitive data in memory as early as possible, so as to reduce the possibility of these data being leaked. DATAEvictor provides a “private mode” execution for any application according to user requirements, and just needs an appropriate code extension to the Linux kernel sources. The results of performance evalu- ation show that the implementation of DATAEvictor only results in a reasonable system performance loss.
CITATION STYLE
Zhu, M., Tu, B., You, R., Li, Y., & Meng, D. (2015). DATAEvictor: To reduce the leakage of sensitive data targeting multiple memory copies and data lifetimes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9473, pp. 328–345). Springer Verlag. https://doi.org/10.1007/978-3-319-27998-5_21
Mendeley helps you to discover research relevant for your work.