A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Memory management with explicit regions
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Memory resource management in VMware ESX server
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Data lifetime is a systems problem
Proceedings of the 11th workshop on ACM SIGOPS European workshop
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Secure deletion of data from magnetic and solid-state memory
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Toward a threat model for storage systems
Proceedings of the 2005 ACM workshop on Storage security and survivability
Minos: Architectural support for protecting control data
ACM Transactions on Architecture and Code Optimization (TACO)
Threats to privacy in the forensic analysis of database systems
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
Secure deletion for a versioning file system
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Parallelizing security checks on commodity hardware
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Implementing Trusted Terminals with a and SITDRM
Electronic Notes in Theoretical Computer Science (ENTCS)
When cryptography meets storage
Proceedings of the 4th ACM international workshop on Storage security and survivability
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Lest we remember: cold-boot attacks on encryption keys
Communications of the ACM - Security in the Browser
Residue objects: a challenge to web browser security
Proceedings of the 5th European conference on Computer systems
ReFormat: automatic reverse engineering of encrypted messages
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A survey of confidential data storage and deletion methods
ACM Computing Surveys (CSUR)
Automatically identifying critical input regions and code in applications
Proceedings of the 19th international symposium on Software testing and analysis
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Vanish: increasing data privacy with self-destructing data
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Building disclosure risk aware query optimizers for relational databases
Proceedings of the VLDB Endowment
LeakProber: a framework for profiling sensitive data leakage paths
Proceedings of the first ACM conference on Data and application security and privacy
Memory deduplication as a threat to the guest OS
Proceedings of the Fourth European Workshop on System Security
Making programs forget: enforcing lifetime for sensitive data
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
SPARC: a security and privacy aware virtual machinecheckpointing mechanism
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
SWIPE: eager erasure of sensitive data in large scale systems software
Proceedings of the second ACM conference on Data and Application Security and Privacy
A method for safekeeping cryptographic keys from memory disclosure attacks
INTRUST'09 Proceedings of the First international conference on Trusted Systems
The impact of Microsoft Windows pool allocation strategies on memory forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A survey of main memory acquisition and analysis techniques for the windows operating system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Treasure and tragedy in kmem_cache mining for live forensics investigation
Digital Investigation: The International Journal of Digital Forensics & Incident Response
The persistence of memory: Forensic identification and extraction of cryptographic keys
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Searching for processes and threads in Microsoft Windows memory dumps
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Data node encrypted file system: efficient secure deletion for flash memory
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
CleanOS: limiting mobile data exposure with idle eviction
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Verifying systems rules using rule-directed symbolic execution
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Deadbolt: locking down android disk encryption
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Preventing malicious data harvesting from deallocated memory areas
Proceedings of the 6th International Conference on Security of Information and Networks
RowClone: fast and energy-efficient in-DRAM bulk data copy and initialization
Proceedings of the 46th Annual IEEE/ACM International Symposium on Microarchitecture
Back to the future: fault-tolerant live update with time-traveling state transfer
LISA'13 Proceedings of the 27th international conference on Large Installation System Administration
Minimizing lifetime of sensitive data in concurrent programs
Proceedings of the 4th ACM conference on Data and application security and privacy
The impact of the antivirus on the digital evidence
International Journal of Electronic Security and Digital Forensics
Hi-index | 0.00 |
Today's operating systems, word processors, web browsers, and other common software take no measures to promptly remove data from memory. Consequently, sensitive data, such as passwords, social security numbers, and confidential documents, often remains in memory indefinitely, significantly increasing the risk of exposure. We present a strategy for reducing the lifetime of data in memory called secure deallocation. With secure deal-location we zero data either at deallocation or within a short, predictable period afterward in general system allocators (e.g. user heap, user stack, kernel heap). This substantially reduces data lifetime with minimal implementation effort, negligible overhead, and without modifying existing applications. We demonstrate that secure deallocation generally clears data immediately after its last use, and that without such measures, data can remain in memory for days or weeks, even persisting across reboots. We further show that secure deallocation promptly eliminates sensitive data in a variety of important real world applications.