Memory management with explicit regions
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic Storage Allocation: A Survey and Critical Review
IWMM '95 Proceedings of the International Workshop on Memory Management
Uniprocessor Garbage Collection Techniques
IWMM '92 Proceedings of the International Workshop on Memory Management
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Secure deletion of data from magnetic and solid-state memory
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
STACS'99 Proceedings of the 16th annual conference on Theoretical aspects of computer science
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Bug isolation via remote program sampling
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Visualizing type qualifier inference with Eclipse
eclipse '04 Proceedings of the 2004 OOPSLA workshop on eclipse technology eXchange
Satisfiability-based framework for enabling side-channel attacks on cryptographic software
Proceedings of the conference on Design, automation and test in Europe: Designers' forum
Data lifetime is a systems problem
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shredding your garbage: reducing data lifetime through secure deallocation
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
Type qualifier inference for java
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Privacy-preserving remote diagnostics
Proceedings of the 14th ACM conference on Computer and communications security
Aiding side-channel attacks on cryptographic software with satisfiability-based analysis
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Implicit Flows: Can't Live with `Em, Can't Live without `Em
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Panalyst: privacy-aware remote error analysis on commodity software
SS'08 Proceedings of the 17th conference on Security symposium
Debugging in the (very) large: ten years of implementation and experience
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Cooperative bug isolation: winning thesis of the 2005 ACM doctoral dissertation competition
Cooperative bug isolation: winning thesis of the 2005 ACM doctoral dissertation competition
Camouflage: automated anonymization of field data
Proceedings of the 33rd International Conference on Software Engineering
kb-anonymity: a model for anonymized behaviour-preserving test and debugging data
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
A method for safekeeping cryptographic keys from memory disclosure attacks
INTRUST'09 Proceedings of the First international conference on Trusted Systems
kbe-anonymity: test data anonymization for evolving programs
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
SilverLine: preventing data leaks from compromised web applications
Proceedings of the 29th Annual Computer Security Applications Conference
The impact of the antivirus on the digital evidence
International Journal of Electronic Security and Digital Forensics
| Hi-index | 0.00 |
This paper presents Scrash, a system that safeguards user privacy by removing sensitive data from crash reports that are sent to developers after program failures. Remote crash reporting, while of great help to the developer, risks the user's privacy because crash reports may contain sensitive user information such as passwords and credit card numbers. Scrash modifies the source code of C programs to ensure that sensitive data does not appear in a crash report. Scrash adds only a small amount of run-time overhead and requires minimal involvement on the part of the developer.