residual data in dataspaces

Boris Mulder boris.mulder at ...434...
Mon Feb 12 13:58:03 CET 2018


We often use cryptographic data such as keys in our code. Some of these
data are provided by a component that reads them from a file or from
user input. Other components use these keys to encrypt or decrypt data
such as network traffic, or maybe other keys.

For example, a component asks a user for a password, then derives a key
from it and puts the key in a dataspace that a network encryption
component accesses as a ROM module and uses to encrypt network packets.

It is a good idea to leave traces of residual data in as few places as
possible, to keep the number of sensitive memory locations to a minimum
and thereby reduce the number of attack vectors. So it would be nice if,
in the example, the network component could ask the password component
to clear the key from the dataspace once it is done with the key.
Currently, the ROM session has no way of doing this; besides, there might
be complications such as other clients accessing the dataspace.

It would be nice to have this functionality somehow, so we have thought
of some possibilities:

* introducing a new session which wraps a ROM/RAM dataspace and clears
it after reading, or after the client(s) have issued a clear request to
the server, after which the data is overwritten with zeroes or random
data;

* extending the ROM session in such a way.

How do you feel about this topic?


Met vriendelijke groet / kind regards,

Boris Mulder

Cyber Security Labs B.V. | Gooimeer 6-31 | 1411 DD Naarden | The Netherlands
+31 35 631 3253 (office)
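The first option above, as an added stand-alone sketch that is not code from this mail or from Genode: a C++ model of a server-side wrapper around a RAM dataspace that honours a clear request only once the last client has detached (the "other clients" complication from the mail), and overwrites through volatile stores so the compiler cannot elide the wipe. The class, its method names, the attach/detach stand-ins for mapping and unmapping, the xorshift seed and the sample key bytes are all assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

/*
 * Stand-alone model of the proposed "clearing" session (not Genode code).
 * The std::vector stands in for the RAM dataspace the server would hand out
 * and attach()/detach() for clients mapping and unmapping it.
 */
class Clearing_dataspace
{
	public:
		enum class Fill { ZEROES, RANDOM };

	private:
		std::vector<unsigned char> _buf;              /* the "dataspace" */
		unsigned      _attached        = 0;           /* clients currently mapped */
		bool          _clear_requested = false;
		bool          _cleared         = false;
		Fill          _fill;
		std::uint64_t _rng = 0x9E3779B97F4A7C15ULL;   /* xorshift64 state, constructed seed */

		unsigned char _next_random()
		{
			_rng ^= _rng << 13; _rng ^= _rng >> 7; _rng ^= _rng << 17;
			return static_cast<unsigned char>(_rng & 0xff);
		}

		/*
		 * Overwrite through a volatile pointer so the compiler cannot drop
		 * the stores as dead; a plain memset just before the memory is freed
		 * or unmapped frequently is optimised away.
		 */
		void _wipe()
		{
			volatile unsigned char *p = _buf.data();
			for (std::size_t i = 0; i < _buf.size(); ++i)
				p[i] = (_fill == Fill::RANDOM) ? _next_random() : 0;
			_cleared = true;
		}

		/* the complication from the mail: wipe only once nobody is attached */
		void _maybe_wipe()
		{
			if (_clear_requested && _attached == 0 && !_cleared) _wipe();
		}

	public:
		Clearing_dataspace(unsigned char const *src, std::size_t n, Fill fill)
		: _buf(src, src + n), _fill(fill) { }

		/* client maps the dataspace; refused once the content is gone */
		bool attach()
		{
			if (_cleared) return false;
			++_attached;
			return true;
		}

		/* client unmaps; the last one out triggers a pending clear */
		void detach()
		{
			if (_attached == 0) return;
			--_attached;
			_maybe_wipe();
		}

		/* any client may ask for the clear; deferred while others are attached */
		void request_clear() { _clear_requested = true; _maybe_wipe(); }

		bool cleared() const { return _cleared; }

		/* residue check: does the dataspace still hold the original bytes? */
		bool holds(unsigned char const *src, std::size_t n) const
		{
			return n == _buf.size() && std::memcmp(_buf.data(), src, n) == 0;
		}
};

/*
 * The scenario from the mail: the password component has filled the dataspace
 * with a derived key (constructed bytes), the network component and one other
 * client attach, and the network component asks for the clear. Returns true
 * when the clear was deferred until the other client detached, no residue of
 * the key remains afterwards, and a late attach is refused.
 */
bool scenario(Clearing_dataspace::Fill fill)
{
	unsigned char const key[16] = { 0xde, 0xad, 0xbe, 0xef, 0x01, 0x23, 0x45, 0x67,
	                                0x89, 0xab, 0xcd, 0xef, 0xfe, 0xed, 0xfa, 0xce };
	Clearing_dataspace ds(key, sizeof(key), fill);

	ds.attach();                            /* network encryption component */
	ds.attach();                            /* some other client of the same ROM */
	ds.request_clear();                     /* network component is done with the key */
	bool const deferred = !ds.cleared();    /* other client still mapped */
	ds.detach();
	ds.detach();                            /* last client gone: wipe happens here */
	return deferred && ds.cleared() && !ds.holds(key, sizeof(key)) && !ds.attach();
}
```

Two caveats the model makes visible: the wipe only covers the dataspace the server owns, so any copy a client made into its own memory (a derived subkey, a cipher context) is a separate residue the session cannot reach; and a client that merely detaches without requesting a clear leaves the content in place, so "clear after reading" needs an explicit notion of when reading is finished.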
