Show simple item record

dc.contributor.author Pridgen, Adam
Garfinkel, Simson L.
Wallach, Dan S.
dc.date.accessioned 2017-01-30T22:36:08Z
dc.date.available 2017-01-30T22:36:08Z
dc.date.issued 2017
dc.identifier.citation Pridgen, Adam, Garfinkel, Simson L. and Wallach, Dan S. "Present but Unreachable: Reducing Persistent Latent Secrets in HotSpot JVM." Proceedings of the 50th Hawaii International Conference on System Sciences, (2017) University of Hawai'i at Manoa: https://hdl.handle.net/1911/93827.
dc.identifier.uri https://hdl.handle.net/1911/93827
dc.description.abstract Applications that manage sensitive secrets, including cryptographic keys, are typically engineered to overwrite the secrets in memory once they’re no longer necessary, offering an important defense against forensic attacks against the computer. In a modern garbage-collected memory system, however, live objects will be copied and compacted into new memory pages, with the user program being unable to reach and zero out obsolete copies in old memory pages that have not yet been reused. This paper considers this problem in the HotSpot JVM, the default JVM used by the Oracle and OpenJDK Java platforms. We analyze the SerialGC and Garbage First Garbage Collector (G1GC) implementations, showing that sensitive data such as TLS keys are easily extracted from the garbage. To mitigate this issue, we implemented techniques to sanitize older heap pages and we measure the performance impact–sometimes good, sometimes unacceptable. We also discuss how future garbage collectors might be designed from scratch with efficient heap sanitation in mind.
dc.language.iso eng
dc.publisher University of Hawai'i at Manoa
dc.relation.uri https://hdl.handle.net/10125/41887
dc.rights This is an open access article distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International license.
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.title Present but Unreachable: Reducing Persistent Latent Secrets in HotSpot JVM
dc.type Journal article
dc.citation.journalTitle Proceedings of the 50th Hawaii International Conference on System Sciences
dc.type.dcmi Text
dc.type.publication publisher version

