
DATAEvictor: To Reduce the Leakage of Sensitive Data Targeting Multiple Memory Copies and Data Lifetimes

  • Min Zhu
  • Bibo Tu
  • Ruibang You
  • Yanzhao Li
  • Dan Meng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)

Abstract

In modern operating systems, when a process terminates, its data remain in memory for an indeterminate time. Encryption alone is insufficient, because the keys may be leaked through compulsory means. In this paper, we present a novel OS-level approach called DATAEvictor, which thoroughly and promptly evicts sensitive data not only from the user stack, heap and kernel stack, but also from the page cache, kernel buffers, slab objects and virtual memory swap when the process terminates. It aims to cut short the lifetime of sensitive data in memory as early as possible, so as to reduce the possibility of these data being leaked. DATAEvictor provides a “private mode” of execution for any application according to user requirements, and requires only an appropriate code extension to the Linux kernel sources. The results of the performance evaluation show that the implementation of DATAEvictor incurs only a reasonable loss of system performance.
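The abstract rests on two observations: a secret outlives the process that used it, and it usually exists in several copies at once. The following C program is an added example written for this page, not code from the DATAEvictor paper or its authors. It models memory as a static arena served by a bump allocator (an assumption made so that scanning the whole arena for residue is legal C, unlike reading freed heap memory), copies a constructed sample secret into two buffers, releases them either the ordinary way or with a wipe on deallocation, and then scans the arena for surviving copies the way a memory-dump analysis would.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A tiny simulated physical memory: a bump allocator over a static arena.
 * Using our own arena instead of malloc lets the demo legally scan "all of
 * memory" for residue, as a memory-dump tool would, without reading freed
 * heap memory (which would be undefined behaviour). */
#define ARENA_SIZE 4096
static unsigned char arena[ARENA_SIZE];
static size_t arena_top;

static void arena_reset(void)
{
    memset(arena, 0, sizeof arena);
    arena_top = 0;
}

static unsigned char *arena_alloc(size_t n)
{
    if (arena_top + n > ARENA_SIZE)
        return NULL;
    unsigned char *p = arena + arena_top;
    arena_top += n;
    return p;
}

/* Ordinary deallocation: the allocator forgets the block but leaves its
 * bytes untouched, so the secret stays resident until something reuses it. */
static void free_naive(unsigned char *p, size_t n)
{
    (void)p;
    (void)n;
}

/* Eviction on deallocation: overwrite through a volatile pointer so the
 * compiler cannot drop the store as dead before the block is released. */
static void secure_wipe(unsigned char *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

static void free_secure(unsigned char *p, size_t n)
{
    secure_wipe(p, n);
}

/* Residue scan: count how many copies of the pattern survive anywhere in
 * the arena. This mimics searching a memory image for a known key. */
int count_residue(const unsigned char *pat, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i + n <= ARENA_SIZE; i++)
        if (memcmp(arena + i, pat, n) == 0)
            hits++;
    return hits;
}

/* Constructed sample secret; any byte string would do. */
static const unsigned char SECRET[] = "CONSTRUCTED-SAMPLE-KEY-42";
#define SECRET_LEN (sizeof SECRET - 1)

/* Scenario: the secret is copied into two buffers (say an input buffer and
 * a working buffer), both are released, and memory is scanned for residue.
 * wipe_mask selects which buffers are released securely: bit 0 for the
 * first copy, bit 1 for the second. Returns the number of surviving copies. */
int residue_after_release(int wipe_mask)
{
    arena_reset();
    unsigned char *a = arena_alloc(SECRET_LEN);
    unsigned char *b = arena_alloc(SECRET_LEN);
    if (a == NULL || b == NULL)
        return -1;
    memcpy(a, SECRET, SECRET_LEN);
    memcpy(b, SECRET, SECRET_LEN);

    if (wipe_mask & 1) free_secure(a, SECRET_LEN); else free_naive(a, SECRET_LEN);
    if (wipe_mask & 2) free_secure(b, SECRET_LEN); else free_naive(b, SECRET_LEN);

    return count_residue(SECRET, SECRET_LEN);
}

int main(void)
{
    printf("no wipe        : %d copies left\n", residue_after_release(0));
    printf("one copy wiped : %d copies left\n", residue_after_release(1));
    printf("both wiped     : %d copies left\n", residue_after_release(3));
    return 0;
}
```

Wiping only one buffer still leaves a copy behind, which is the "multiple memory copies" problem named in the title: a user-space wipe has to know every place the secret was copied to. The copies the abstract lists on the kernel side (page cache, kernel buffers, slab objects, swap) are not reachable from user space at all, which is why the paper argues for an OS-level mechanism tied to process termination rather than a per-application cleanup.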

Keywords

Sensitive data leakage, Data encryption, Data lifetime, Memory attack, OS security


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Min Zhu (1)
  • Bibo Tu (1)
  • Ruibang You (1)
  • Yanzhao Li (1)
  • Dan Meng (1)
  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
