ABSTRACT
We describe SWIPE, an approach to reduce the lifetime of sensitive, memory-resident data in large-scale applications written in C. In contrast to prior approaches, which erased sensitive data in a delayed or lazy fashion, SWIPE uses a novel eager erasure approach that minimizes the risk of accidental sensitive data leakage. SWIPE achieves this by transforming a legacy C program to include additional instructions that erase sensitive data immediately after its intended use. SWIPE is guided by a highly scalable static analysis technique that precisely identifies the locations at which to introduce erase instructions in the original program. Programs transformed using SWIPE enjoy several additional benefits: minimization of leaks that arise through data dependencies; erasure of sensitive data with minimal developer guidance; and negligible performance overhead.
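The following is an added illustration, not code from the SWIPE paper, of what the abstract describes: a login routine after an eager-erasure transform, where each sensitive buffer (the password and the key material derived from it by data dependency) is cleared at its last use. The `login_ctx` type, `derive_key` (a constructed stand-in, not a real KDF) and the expected password "hunter2" are all assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 64

/* Erase through a volatile pointer so the compiler cannot drop the stores
 * as dead: a plain memset() on a buffer about to go out of scope is
 * commonly optimized away, leaving the secret in memory. */
void secure_erase(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Returns 1 if every byte in [p, p+n) is zero; used to verify erasure. */
int all_zero(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    while (n--) if (*b++) return 0;
    return 1;
}

/* Session state that outlives login(); both fields must be erased eagerly. */
typedef struct {
    char password[PW_MAX];      /* the secret itself */
    char key_material[PW_MAX];  /* derived from password: sensitive by data dependency */
} login_ctx;

/* Constructed stand-in for a key-derivation step (XOR with a constant). */
static void derive_key(const char *pw, char *out) {
    size_t i;
    for (i = 0; i < PW_MAX - 1 && pw[i]; i++) out[i] = pw[i] ^ 0x5A;
    out[i] = 0;
}

/* Constructed expected value: derive_key("hunter2"). */
static int check_key(const char *key) {
    static const char expected[] = { 'h'^0x5A, 'u'^0x5A, 'n'^0x5A, 't'^0x5A,
                                     'e'^0x5A, 'r'^0x5A, '2'^0x5A, 0 };
    return strcmp(key, expected) == 0;
}

/* Hypothetical login routine after an eager-erasure transform: the two
 * secure_erase() calls are the inserted instructions, each placed
 * immediately after the last use of the buffer it clears. */
int login(login_ctx *ctx, const char *pw_in) {
    strncpy(ctx->password, pw_in, PW_MAX - 1);
    ctx->password[PW_MAX - 1] = 0;
    derive_key(ctx->password, ctx->key_material);
    secure_erase(ctx->password, sizeof ctx->password);         /* inserted: last use of password */
    int ok = check_key(ctx->key_material);
    secure_erase(ctx->key_material, sizeof ctx->key_material); /* inserted: last use of key_material */
    return ok;
}
```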
Title: SWIPE: eager erasure of sensitive data in large scale systems software