SWIPE: eager erasure of sensitive data in large scale systems software

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2012-02-07 DOI:10.1145/2133601.2133638

Kalpana Gondi, Prithvi Bisht, Praveen Venkatachari, A. Sistla, V. Venkatakrishnan

{"title":"SWIPE: eager erasure of sensitive data in large scale systems software","authors":"Kalpana Gondi, Prithvi Bisht, Praveen Venkatachari, A. Sistla, V. Venkatakrishnan","doi":"10.1145/2133601.2133638","DOIUrl":null,"url":null,"abstract":"We describe SWIPE, an approach to reduce the life time of sensitive, memory resident data in large scale applications written in C. In contrast to prior approaches that used a delayed or lazy approach to the problem of erasing sensitive data, SWIPE uses a novel eager erasure approach that minimizes the risk of accidental sensitive data leakage. SWIPE achieves this by transforming a legacy C program to include additional instructions that erase sensitive data immediately after its intended use. SWIPE is guided by a highly-scalable static analysis technique that precisely identifies the locations to introduce erase instructions in the original program. The programs transformed using SWIPE enjoy several additional benefits: minimization of leaks that arise due to data dependencies; erasure of sensitive data with minimal developer guidance; and negligible performance overheads.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"7 1","pages":"295-306"},"PeriodicalIF":0.0000,"publicationDate":"2012-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2133601.2133638","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

We describe SWIPE, an approach to reduce the life time of sensitive, memory resident data in large scale applications written in C. In contrast to prior approaches that used a delayed or lazy approach to the problem of erasing sensitive data, SWIPE uses a novel eager erasure approach that minimizes the risk of accidental sensitive data leakage. SWIPE achieves this by transforming a legacy C program to include additional instructions that erase sensitive data immediately after its intended use. SWIPE is guided by a highly-scalable static analysis technique that precisely identifies the locations to introduce erase instructions in the original program. The programs transformed using SWIPE enjoy several additional benefits: minimization of leaks that arise due to data dependencies; erasure of sensitive data with minimal developer guidance; and negligible performance overheads.

查看原文本刊更多论文

SWIPE:大规模系统软件中敏感数据的快速擦除

我们描述了SWIPE，一种在c语言编写的大规模应用程序中减少敏感内存驻留数据的生命周期的方法。与之前使用延迟或惰性方法擦除敏感数据问题的方法相比，SWIPE使用了一种新颖的渴望擦除方法，将意外敏感数据泄漏的风险降至最低。SWIPE通过将遗留的C程序转换为包含在预期使用后立即擦除敏感数据的附加指令来实现这一点。SWIPE由高度可扩展的静态分析技术指导，该技术可以精确地识别在原始程序中引入擦除指令的位置。使用SWIPE转换的程序还有几个额外的好处:最大限度地减少由于数据依赖而产生的泄漏;以最少的开发人员指导删除敏感数据;性能开销可以忽略不计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy

自引率

0.00%

发文量