A Secure String Class Compliant with PCI DSS

Authors: Katarína Amrichová, Terézia Mézešová

DOI: 10.1145/3360664.3360681

Keywords:

Abstract: Computer programs often work with a variety of sensitive data, and class String is widely used in object-oriented programming languages for this purpose. However, saving sensitive data to a String object is not safe, as it is not encrypted and may still be in the operating memory even after it is no longer needed. Due to the non-deterministic behaviour of the mechanism responsible for removing unused items from memory, we cannot say with certainty when the data will actually be removed. If an attacker gets either a part or the entire memory image, then they can easily read these data. This paper discusses options in object-oriented programming languages that provide programmers with a way of storing the data in operating memory in encrypted form. We present pseudo code for a secure String class compliant with the Data retention and Cryptography requirements of the PCI DSS standard.

References (7)
Qiang Zeng, Mingyi Zhao, Peng Liu. HeapTherapy: An Efficient End-to-End Solution against Heap Buffer Overflows. 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 485-496 (2015). DOI: 10.1109/DSN.2015.54
Le Guan, Jingqiang Lin, Bo Luo, Jiwu Jing, Jing Wang. Protecting Private Keys against Memory Disclosure Attacks Using Hardware Transactional Memory. 2015 IEEE Symposium on Security and Privacy, pp. 3-19 (2015). DOI: 10.1109/SP.2015.8
Durumeric Zakir, Li Frank, Kasten James, Amann Johanna, Beekman Jethro, Payer Mathias, Weaver Nicolas, Adrian David, Paxson Vern, Bailey Michael. The Matter of Heartbleed. Internet Measurement Conference, pp. 475-488 (2014). DOI: 10.1145/2663716.2663755
Y. Dodis, J. Spencer. On the (non)universality of the one-time pad. Foundations of Computer Science, pp. 376-385 (2002). DOI: 10.1109/SFCS.2002.1181962
Patrick Colp, Jiawen Zhang, James Gleeson, Sahil Suneja, Eyal de Lara, Himanshu Raj, Stefan Saroiu, Alec Wolman. Protecting Data on Smartphones and Tablets from Memory Attacks. Architectural Support for Programming Languages and Operating Systems, vol. 43, pp. 177-189 (2015). DOI: 10.1145/2694344.2694380
Sherri Davidoff. Cleartext Passwords in Linux Memory (2008).
Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu. Shreds: Fine-Grained Execution Units with Private Memory. 2016 IEEE Symposium on Security and Privacy (SP), pp. 56-71 (2016). DOI: 10.1109/SP.2016.12