Present but Unreachable: Reducing Persistent Latent Secrets in HotSpot JVM
dc.contributor.author | Pridgen, Adam | |
dc.contributor.author | Garfinkel, Simson | |
dc.contributor.author | Wallach, Dan | |
dc.date.accessioned | 2016-12-29T02:12:48Z | |
dc.date.available | 2016-12-29T02:12:48Z | |
dc.date.issued | 2017-01-04 | |
dc.description.abstract | Applications that manage sensitive secrets, including cryptographic keys, are typically engineered to overwrite the secrets in memory once they're no longer necessary, offering an important defense against forensic attacks against the computer. In a modern garbage-collected memory system, however, live objects will be copied and compacted into new memory pages, with the user program being unable to reach and zero out obsolete copies in old memory pages that have not yet been reused. This paper considers this problem in the HotSpot JVM, the default JVM used by the Oracle and OpenJDK Java platforms. We analyze the SerialGC and Garbage First Garbage Collector (G1GC) implementations, showing that sensitive data such as TLS keys are easily extracted from the garbage. To mitigate this issue, we implemented techniques to sanitize older heap pages and we measure the performance impact--sometimes good, sometimes unacceptable. We also discuss how future garbage collectors might be designed from scratch with efficient heap sanitation in mind. | |
dc.format.extent | 10 pages | |
dc.identifier.doi | 10.24251/HICSS.2017.727 | |
dc.identifier.isbn | 978-0-9981331-0-2 | |
dc.identifier.uri | http://hdl.handle.net/10125/41887 | |
dc.language.iso | eng | |
dc.relation.ispartof | Proceedings of the 50th Hawaii International Conference on System Sciences | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
dc.subject | Blackbox analysis | |
dc.subject | Java HotSpot JVM | |
dc.subject | TLS | |
dc.subject | Secure Memory Management | |
dc.subject | Garbage Collection | |
dc.title | Present but Unreachable: Reducing Persistent Latent Secrets in HotSpot JVM | |
dc.type | Conference Paper | |
dc.type.dcmi | Text |