Reference:
To appear in Proceedings of the 2004 Usenix Security Symposium.
Abstract:
Strictly limiting the lifetime (i.e. propagation and duration of
exposure) of sensitive data (e.g. passwords) is an important and
well-accepted practice in secure software development.
Unfortunately, there are no current methods available for easily
analyzing data lifetime, and very little information available on
the quality of today's software with respect to data lifetime.
We describe a system we have developed, called TaintBochs, for analyzing
sensitive data lifetime through whole-system simulation.
TaintBochs tracks sensitive data by "tainting" it at the
hardware level. Tainting information is then propagated across
operating system, language, and application boundaries, permitting
analysis of sensitive data handling at a whole system level.
We have used TaintBochs to analyze sensitive data handling in
several large, real world applications. Among these were Mozilla,
Apache, and Perl, which are used to process millions of passwords,
credit card numbers, etc. on a daily basis. Our investigation
reveals that these applications and the components they rely upon
take virtually no measures to limit the lifetime of sensitive data
they handle, leaving passwords and other sensitive data
scattered throughout user and kernel memory. We show how a few
simple and practical changes can greatly reduce sensitive data
lifetime in these applications.
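The shadow-memory tainting and propagation sketched in the abstract, as a toy added example (not TaintBochs' own code): each simulated memory byte carries a taint bit that follows the data through copies, so scanning the shadow memory after a hypothetical login flow shows how many bytes still hold secret-derived data. The addresses, the `login_flow` scenario and the password value are constructed assumptions; the real tool taints at the x86 instruction level, which this reduces to explicit copies.

```python
"""Toy whole-memory taint tracker in the style of TaintBochs (added example).
Every byte of a simulated memory has a shadow taint bit; copies propagate it,
so tainted bytes that survive after the program is done with a secret show
where its lifetime was not bounded."""

MEM_SIZE = 64


class TaintedMemory:
    def __init__(self, size=MEM_SIZE):
        self.mem = bytearray(size)
        self.taint = bytearray(size)  # shadow memory: 1 = derived from a secret

    def store_secret(self, addr, data):
        """Taint source, e.g. keyboard input of a password."""
        self.mem[addr:addr + len(data)] = data
        self.taint[addr:addr + len(data)] = b"\x01" * len(data)

    def copy(self, dst, src, n):
        """memcpy-like move: taint travels with the data."""
        self.mem[dst:dst + n] = self.mem[src:src + n]
        self.taint[dst:dst + n] = self.taint[src:src + n]

    def clear(self, addr, n):
        """Explicit zeroing: constant data carries no taint."""
        self.mem[addr:addr + n] = bytes(n)
        self.taint[addr:addr + n] = bytes(n)

    def tainted_addrs(self):
        return [a for a, t in enumerate(self.taint) if t]


def login_flow(scrub):
    """Hypothetical password path: input buffer -> string object -> socket
    buffer. With scrub=False nothing is cleared, mirroring the finding that
    real applications leave copies scattered through memory."""
    m = TaintedMemory()
    password = b"hunter2"                  # constructed sample secret
    inbuf, strobj, sockbuf = 0, 16, 32     # constructed addresses
    m.store_secret(inbuf, password)        # user types the password
    m.copy(strobj, inbuf, len(password))   # language runtime copies it
    m.copy(sockbuf, strobj, len(password)) # kernel copies it for sending
    if scrub:                              # the "simple, practical change"
        for base in (inbuf, strobj, sockbuf):
            m.clear(base, len(password))
    return len(m.tainted_addrs())          # surviving secret-derived bytes
```

Running `login_flow(False)` reports three full copies of the password still resident, while `login_flow(True)` reports none.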
Full paper: [ps] [pdf] [Bibtex Entry]