Mark Rosen (mrosen@peganet.com)
Mon, 11 May 1998 17:43:50 -0400
>I believe this is the case for just about all operating systems that have a
>'keep in memory' system call. It is nothing to do with 'password' security,
>rather a very strong hint that we don't want the memory swapped out. Real
>Time OSs may actually implement a no swap/page policy but this is very
>dangerous on a multi-user system. Just because the system call claims to
>implement something that looks like a 'no-swap' policy, does not mean it is
>true.
I use the VirtualLock and Unlock functions just for good measure. The
only real solution is to overwrite all memory that was used to store
sensitive data. Although this does not guarantee that all sensitive data has
been wiped from the disk (the OS may have made copies), it's the best you
can do.
To automate the secure memory process, you can implement new smalloc and
sfree functions. smalloc allocates and locks, sfree wipes, unlocks, and then
deallocates. You can do the same with the C++ new and delete operators.
To further ensure that data does not escape into the crevices of the
swapfile (and other places), my Kremlin product schedules itself at midnight
(or some other time) to wipe the free space on the user's hard drive, where
residue from a variable-length swapfile will reside (along with other
"deleted" data), and to wipe all physical and virtual memory by allocating
all available memory and overwriting it several times (with 0s, 1s, random
data, and its complement). Kremlin also wipes the file slack (the space
between the end of the file and the end of the hard drive cluster; space
that is reported to be used, but is, in reality, unused and may contain
sensitive data that you thought was gone).
Of course, if you want absolute security, you can incinerate your laptop
each time you're done using it. :-)
- Mark Rosen
http://www.mach5.com/
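What the smalloc/sfree pair described above looks like in C, as an added example that is not part of the original post and not Kremlin's code. It assumes VirtualLock/VirtualUnlock on Windows and mlock/munlock everywhere else, keeps a small header in front of the block so sfree knows how much to wipe, and stands in for the random pass with a fixed pattern byte and its complement. The one detail the post does not spell out is that the wipe must go through a volatile pointer: a plain memset() immediately before free() is a dead store the optimizer may delete.

```c
/* smalloc/sfree: allocate + lock on the way in, wipe + unlock + free on the
 * way out.  Added example, not the original post's or Kremlin's code.
 * Assumptions: VirtualLock/VirtualUnlock on Windows, mlock/munlock elsewhere;
 * wipe passes of 0x00, 0xFF, a pattern byte, its complement, then 0x00. */
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Bookkeeping in front of the caller's bytes: length to wipe and whether the
 * lock actually took.  The union pads the header to a strict alignment. */
typedef union {
    struct { size_t len; int locked; } h;
    long double pad;
} sheader;

static int lock_pages(void *p, size_t n)
{
#ifdef _WIN32
    return VirtualLock(p, (SIZE_T)n) ? 1 : 0;
#else
    return mlock(p, n) == 0;
#endif
}

static void unlock_pages(void *p, size_t n)
{
#ifdef _WIN32
    VirtualUnlock(p, (SIZE_T)n);
#else
    munlock(p, n);
#endif
}

/* Overwrite through a volatile pointer so the stores cannot be optimised
 * away as "dead" writes to memory that is about to be freed. */
void secure_wipe(void *p, size_t n)
{
    static const unsigned char passes[] = { 0x00, 0xFF, 0x5A, 0xA5, 0x00 };
    volatile unsigned char *v = (volatile unsigned char *)p;
    size_t i, k;
    for (k = 0; k < sizeof passes; k++)
        for (i = 0; i < n; i++)
            v[i] = passes[k];
}

int is_all_zero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    size_t i;
    for (i = 0; i < n; i++)
        if (b[i] != 0) return 0;
    return 1;
}

/* Allocate n bytes and ask the OS to keep them resident.  A refused lock
 * (RLIMIT_MEMLOCK, privilege) is recorded, not fatal: the wipe in sfree is
 * the part the program actually controls. */
void *smalloc(size_t n)
{
    sheader *h = (sheader *)malloc(sizeof *h + n);
    if (h == NULL) return NULL;
    h->h.len = n;
    h->h.locked = lock_pages(h, sizeof *h + n);
    return h + 1;
}

int smalloc_is_locked(const void *p) { return ((const sheader *)p - 1)->h.locked; }

/* Wipe (header included), unlock, then release. */
void sfree(void *p)
{
    sheader *h = (sheader *)p - 1;
    size_t total;
    int locked;
    if (p == NULL) return;
    total  = sizeof *h + h->h.len;   /* read before the wipe clobbers the header */
    locked = h->h.locked;
    secure_wipe(h, total);
    if (locked) unlock_pages(h, total);
    free(h);
}

/* Worked run on a constructed sample secret: 1 if it was present after the
 * copy and fully gone after the wipe, 0 otherwise. */
int demo_wipe(void)
{
    const char secret[] = "hunter2-constructed-sample";
    size_t n = sizeof secret;
    char *buf = (char *)smalloc(n);
    int ok;
    if (buf == NULL) return 0;
    memcpy(buf, secret, n);
    ok = memcmp(buf, secret, n) == 0;
    secure_wipe(buf, n);
    ok = ok && is_all_zero(buf, n);
    sfree(buf);                       /* wipes again, unlocks, frees */
    return ok;
}

int main(void)
{
    char *p = (char *)smalloc(32);
    printf("lock honoured: %s\n", p && smalloc_is_locked(p) ? "yes" : "no (wipe still applies)");
    sfree(p);
    printf("demo_wipe: %s\n", demo_wipe() ? "secret wiped" : "FAILED");
    return 0;
}
```

Build with `cc -o smalloc smalloc.c` and run it; on a Linux box with a small RLIMIT_MEMLOCK the lock may be refused, which is exactly the post's point that the call is a hint rather than a guarantee. Where the toolchain offers explicit_bzero() or C11 memset_s(), either replaces the volatile loop in secure_wipe; neither reaches copies the OS already made elsewhere (swap, hibernation file, crash dumps), which is what the free-space wipe described above is for.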
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:20 ADT