
DEICS: Data Erasure in Concurrent Software

  • Conference paper
Secure IT Systems (NordSec 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8788)


Abstract

A well-known tenet for preventing unauthorized leaks of sensitive data such as passwords and cryptographic keys is to erase (“zeroize”) them after their intended use in any program. Prior work on minimizing sensitive data lifetimes has focused exclusively on sequential programs. In this work, we address the problem of data lifetime minimization for concurrent programs. We develop a new algorithm that precisely anticipates when to introduce these erasures, and implement this algorithm in a tool called DEICS. Through an experimental evaluation, we show that DEICS is able to reduce the lifetimes of shared sensitive data in several concurrent applications (over 100k lines of code combined) with minimal performance overhead.
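The two practical points behind the abstract are that an erasure must survive the compiler (a plain memset of a buffer that is never read again is a dead store and may be dropped) and that, in a concurrent program, the erasure must land after the last use of the secret by every thread, not merely by the thread that created it. The following is an added illustration written for this page, not code from the paper or from the DEICS tool: it erases through a volatile pointer and lets the last of several pthreads to finish with a shared key perform the erasure. The reference count stands in for the placement decision that the paper's static analysis makes; the key bytes, the `use_key` checksum, and the names `shared_secret`, `secure_zero`, `release_secret` and `run_demo` are all constructed for this example.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32
#define WORKERS 4

/* A secret shared by several threads, with a count of threads that still need it. */
struct shared_secret {
    unsigned char key[KEY_LEN];
    atomic_int users_remaining;
};

/* Erase through a volatile pointer so the compiler cannot treat the
 * writes as a dead store and remove them. */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Return 1 if every byte of the buffer is zero (used to verify the erasure). */
int is_zeroed(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Each thread calls this once it is done with the key. The thread that drops the
 * count to zero erases the key, so the secret's lifetime ends at the last use
 * across all threads. Returns 1 if this call performed the erasure. */
int release_secret(struct shared_secret *s) {
    if (atomic_fetch_sub(&s->users_remaining, 1) == 1) {
        secure_zero(s->key, KEY_LEN);
        return 1;
    }
    return 0;
}

/* Toy use of the key (FNV-1a fold); stands in for a real cryptographic operation. */
static uint32_t use_key(const unsigned char *key) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < KEY_LEN; i++) h = (h ^ key[i]) * 16777619u;
    return h;
}

static void *worker(void *arg) {
    struct shared_secret *s = arg;
    (void)use_key(s->key);   /* this thread's last use of the key */
    release_secret(s);       /* hand back the reference; last one out erases */
    return NULL;
}

/* Run WORKERS threads over one constructed key and return 1 if it is zero afterward. */
int run_demo(void) {
    struct shared_secret s;
    memset(s.key, 0xA5, KEY_LEN);   /* constructed sample key, not a real secret */
    atomic_init(&s.users_remaining, WORKERS);
    pthread_t th[WORKERS];
    for (int i = 0; i < WORKERS; i++) pthread_create(&th[i], NULL, worker, &s);
    for (int i = 0; i < WORKERS; i++) pthread_join(th[i], NULL);
    return is_zeroed(s.key, KEY_LEN);
}

/* Single-threaded check of the rule: with two users, the first release must leave
 * the key intact and the second must erase it. Returns 1 if both hold. */
int check_last_user_erases(void) {
    struct shared_secret s;
    memset(s.key, 0x42, KEY_LEN);   /* constructed sample key */
    atomic_init(&s.users_remaining, 2);
    int first = release_secret(&s);
    int intact = !is_zeroed(s.key, KEY_LEN);
    int second = release_secret(&s);
    int erased = is_zeroed(s.key, KEY_LEN);
    return first == 0 && intact && second == 1 && erased;
}

int main(void) {
    printf("last-user-erases rule holds: %s\n", check_last_user_erases() ? "yes" : "no");
    printf("key erased after last concurrent use: %s\n", run_demo() ? "yes" : "no");
    return 0;
}
```

The counter only says when the last use has happened; deciding that statically, without a runtime count and without erasing too early on some interleaving, is the problem the paper's algorithm addresses. Build with a C11 compiler and link against pthreads where the platform still needs `-lpthread`.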




© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Gondi, K., Sistla, A.P., Venkatakrishnan, V.N. (2014). DEICS: Data Erasure in Concurrent Software. In: Bernsmed, K., Fischer-Hübner, S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science, vol 8788. Springer, Cham. https://doi.org/10.1007/978-3-319-11599-3_3


  • DOI: https://doi.org/10.1007/978-3-319-11599-3_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11598-6

  • Online ISBN: 978-3-319-11599-3
