DEICS: Data Erasure in Concurrent Software

  • Kalpana Gondi
  • A. Prasad Sistla
  • V. N. Venkatakrishnan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8788)

Abstract

A well-known tenet for preventing unauthorized leaks of sensitive data such as passwords and cryptographic keys is to erase (“zeroize”) them after their intended use in any program. Prior work on minimizing sensitive data lifetimes has focused exclusively on sequential programs. In this work, we address the problem of data lifetime minimization for concurrent programs. We develop a new algorithm that precisely anticipates when to introduce these erasures, and implement it in a tool called DEICS. Through an experimental evaluation, we show that DEICS is able to reduce the lifetimes of shared sensitive data in several concurrent applications (over 100k lines of code combined) with minimal performance overheads.
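As an added example (not the paper's DEICS implementation), the C program below shows why the sequential "erase at last use" rule breaks down for shared data: a key read by several threads cannot be zeroized when any one thread is done with it, so the erasure is tied to the last thread to release it. The thread count, key length and the "last one out erases" bookkeeping are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdint.h>
#include <string.h>

enum { KEY_LEN = 32, NUM_WORKERS = 4 };

/* Shared sensitive buffer plus the bookkeeping that decides when it may be erased. */
typedef struct {
    unsigned char key[KEY_LEN];
    int remaining_users;        /* threads that have not yet finished with the key */
    pthread_mutex_t lock;
} shared_secret_t;

/* Overwrite through a volatile pointer so the stores cannot be dropped as dead. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Each worker reads the key, then drops its claim under the lock. Only the last worker
   to finish erases: erasing at one worker's own last use would race with a worker still reading. */
static void *worker(void *arg) {
    shared_secret_t *s = (shared_secret_t *)arg;
    unsigned sum = 0;
    for (size_t i = 0; i < KEY_LEN; i++) sum += s->key[i];   /* the "use" of the key */
    pthread_mutex_lock(&s->lock);
    if (--s->remaining_users == 0) secure_zero(s->key, KEY_LEN);
    pthread_mutex_unlock(&s->lock);
    return (void *)(uintptr_t)sum;
}

/* Runs the scenario on a constructed key. Returns the number of non-zero key bytes left
   after all workers are joined (0 = erased), or -1 if a worker saw a partially erased key. */
int run_shared_key_demo(void) {
    shared_secret_t s;
    pthread_t tid[NUM_WORKERS];
    int ok = 1, left = 0;
    memset(s.key, 0xAB, KEY_LEN);   /* constructed sample key, not a real secret */
    s.remaining_users = NUM_WORKERS;
    pthread_mutex_init(&s.lock, NULL);
    for (int i = 0; i < NUM_WORKERS; i++) pthread_create(&tid[i], NULL, worker, &s);
    for (int i = 0; i < NUM_WORKERS; i++) {
        void *ret;
        pthread_join(tid[i], &ret);
        if ((unsigned)(uintptr_t)ret != 0xABu * KEY_LEN) ok = 0;   /* key was intact when read */
    }
    pthread_mutex_destroy(&s.lock);
    for (size_t i = 0; i < KEY_LEN; i++) left += s.key[i] != 0;
    return ok ? left : -1;
}
```

Replacing the counter with an unconditional `secure_zero` in each worker reproduces the race the paper's analysis has to avoid: a later worker would then read a half-erased key and the demo returns -1.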

Keywords

Shared data, shared variable, sensitive data, data lifetime, critical pair

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Kalpana Gondi (1)
  • A. Prasad Sistla (1)
  • V. N. Venkatakrishnan (1)
  1. Department of Computer Science, University of Illinois, Chicago, USA