A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
StegFS: A Steganographic File System for Linux
IH '99 Proceedings of the Third International Workshop on Information Hiding
Statistical Identification of Encrypted Web Browsing Traffic
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Data lifetime is a systems problem
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Secure deletion myths, issues, and solutions
Proceedings of the second ACM workshop on Storage security and survivability
Threats to privacy in the forensic analysis of database systems
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
Secure deletion for a versioning file system
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Data remanence in semiconductor devices
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Secure data deletion for Linux file systems
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shredding your garbage: reducing data lifetime through secure deallocation
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting Cryptographic Keys from Memory Disclosure Attacks
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Secure deletion of data from magnetic and solid-state memory
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Privacy and security: Usable security: how to get it
Communications of the ACM - Scratch Programming for All
The ephemerizer: making data disappear
The ephemerizer: making data disappear
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
Protecting confidential data on personal computers with storage capsules
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Deniable cloud storage: sharing files via public-key deniability
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
An analysis of private browsing modes in modern browsers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Reliably erasing data from flash-based solid state drives
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Tightlip: keeping applications from spilling the beans
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Making programs forget: enforcing lifetime for sensitive data
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Data node encrypted file system: efficient secure deletion for flash memory
Security'12 Proceedings of the 21st USENIX conference on Security symposium
CleanOS: limiting mobile data exposure with idle eviction
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
CleanOS: limiting mobile data exposure with idle eviction
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
Deadbolt: locking down android disk encryption
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
RowClone: fast and energy-efficient in-DRAM bulk data copy and initialization
Proceedings of the 46th Annual IEEE/ACM International Symposium on Microarchitecture
| Hi-index | 0.00 |
Modern systems keep long memories. As we show in this paper, an adversary who gains access to a Linux system, even one that implements secure deallocation, can recover the contents of applications' windows, audio buffers, and data remaining in device drivers--long after the applications have terminated. We design and implement Lacuna, a system that allows users to run programs in "private sessions." After the session is over, all memories of its execution are erased. The key abstraction in Lacuna is an ephemeral channel, which allows the protected program to talk to peripheral devices while making it possible to delete the memories of this communication from the host. Lacuna can run unmodified applications that use graphics, sound, USB input devices, and the network, with only 20 percentage points of additional CPU utilization.