Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Improving software security with a C pointer analysis
Proceedings of the 27th international conference on Software engineering
Automatic pool allocation: improving performance by controlling data structure layout in the heap
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Language-Based Information Erasure
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Free-Me: a static analysis for automatic individual object reclamation
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Data Sandboxing: A Technique for Enforcing Confidentiality Policies
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Data remanence in semiconductor devices
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shredding your garbage: reducing data lifetime through secure deallocation
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An overview of the saturn project
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Secure deletion of data from magnetic and solid-state memory
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Uniqueness inference for compile-time object deallocation
Proceedings of the 6th international symposium on Memory management
Demand-driven alias analysis for C
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
End-to-End Enforcement of Erasure and Declassification
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Cling: A memory allocator to mitigate dangling pointers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
CloudSweeper: enabling data-centric document management for secure cloud archives
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Minimizing lifetime of sensitive data in concurrent programs
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
We describe SWIPE, an approach to reduce the life time of sensitive, memory resident data in large scale applications written in C. In contrast to prior approaches that used a delayed or lazy approach to the problem of erasing sensitive data, SWIPE uses a novel eager erasure approach that minimizes the risk of accidental sensitive data leakage. SWIPE achieves this by transforming a legacy C program to include additional instructions that erase sensitive data immediately after its intended use. SWIPE is guided by a highly-scalable static analysis technique that precisely identifies the locations to introduce erase instructions in the original program. The programs transformed using SWIPE enjoy several additional benefits: minimization of leaks that arise due to data dependencies; erasure of sensitive data with minimal developer guidance; and negligible performance overheads.