Abstract
In modern operating systems, when a process terminates, its data still remain in memory for an indeterminate time. Encryption alone is insufficient, because the keys may be leaked through coercion. In this paper, we present a novel OS-level approach called DATAEvictor, which thoroughly and promptly evicts sensitive data when the process terminates, not only from the user stack, heap and kernel stack, but also from the page cache, kernel buffers, slab objects and virtual memory swap. It aims to cut the lifetime of sensitive data in memory as short as possible, so as to reduce the chance of these data being leaked. DATAEvictor provides a "private mode" of execution for any application according to user requirements, and needs only an appropriate code extension to the Linux kernel sources. The results of our performance evaluation show that the implementation of DATAEvictor incurs only a reasonable loss of system performance.
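The abstract's premise, that a terminated process leaves copies of its secrets behind, has a user-space counterpart that a reader can try directly. The C program below is an added illustration, not code from the DATAEvictor paper or its kernel extension: it handles a constructed sample secret that ends up in two copies (one heap, one stack), wipes both through a volatile pointer so the compiler cannot discard the stores as dead, and verifies each wipe before the memory is released. The function `wipe_all_copies` and the sample passphrase are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wipe a buffer through a volatile pointer so the compiler cannot treat the
 * stores as dead and drop them, as it may do for a plain memset() that is
 * immediately followed by free() or by the function returning.
 * Assumption: a standard portable idiom, not code from the DATAEvictor paper. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Return 1 if all n bytes are zero. Every byte is OR-ed into the accumulator
 * so the scan always touches the whole buffer. */
static int is_zeroed(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Simulates a process that handles a secret and ends up with two copies of it:
 * one on the heap and one on the stack (as when a helper keeps a local copy).
 * Both are wiped and verified before the memory is released. Returns the number
 * of copies verified clean: 2 on success, fewer if a wipe or allocation failed. */
int wipe_all_copies(const char *secret)
{
    size_t len = strlen(secret);
    int clean = 0;

    unsigned char *heap_copy = malloc(len);
    if (heap_copy == NULL) {
        return 0;
    }
    memcpy(heap_copy, secret, len);

    /* Second copy on the stack. Constructed size: the sample secret fits in it;
     * longer inputs are truncated to keep the copy in bounds. */
    unsigned char stack_copy[64];
    size_t slen = len < sizeof stack_copy ? len : sizeof stack_copy;
    memcpy(stack_copy, secret, slen);

    /* ... both copies would be used here, e.g. as key material ... */

    secure_zero(heap_copy, len);
    clean += is_zeroed(heap_copy, len);   /* verify while we still own the memory */
    free(heap_copy);

    secure_zero(stack_copy, sizeof stack_copy);
    clean += is_zeroed(stack_copy, sizeof stack_copy);

    return clean;
}

int main(void)
{
    /* Constructed sample, not real key material. */
    const char *sample = "constructed-sample-passphrase";
    printf("copies wiped and verified before release: %d of 2\n",
           wipe_all_copies(sample));
    return 0;
}
```

Build it with optimization enabled (for example `-O2`) to see that the volatile wipe survives where a plain `memset` before `free` may not. The limits of this approach are exactly the abstract's motivation: user code can only clear the copies it knows about, while copies held in the page cache, kernel buffers, slab objects and swap are outside its reach, which is why the paper moves eviction into the kernel.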
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Zhu, M., Tu, B., You, R., Li, Y., Meng, D. (2015). DATAEvictor: To Reduce the Leakage of Sensitive Data Targeting Multiple Memory Copies and Data Lifetimes. In: Yung, M., Zhu, L., Yang, Y. (eds) Trusted Systems. INTRUST 2014. Lecture Notes in Computer Science(), vol 9473. Springer, Cham. https://doi.org/10.1007/978-3-319-27998-5_21
DOI: https://doi.org/10.1007/978-3-319-27998-5_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27997-8
Online ISBN: 978-3-319-27998-5
eBook Packages: Computer Science, Computer Science (R0)