Old 02-27-2008, 07:57 PM
phil-news-nospam@ipal.net
Default Re: Should Linux wipe memory more often for better security?

In comp.os.linux.development.system shimp <example@nobody.com> wrote:
| phil-news-nospam@ipal.net wrote:
|> In comp.os.linux.development.system Bernd Felsche <bernie@innovative.iinet.net.au> wrote:
|> | phil-news-nospam@ipal.net wrote:
|> |>shimp <example@nobody.com> wrote:
|> |
|> |>> It has been known from the beginning that DRAM holds its state a
|> |>> while after power is removed. That's how it works. There is a
|> |>> circuit that refreshes it every X milliseconds. But it is a big
|> |>> big surprise, at least to me, that data can be recovered up to 10
|> |>> minutes afterwards!!?
|> |
|> |>> The only real-world ramification I can see is that you should
|> |>> completely power down your laptop 10 mins before going through a
|> |>> security checkpoint. Or unmount crypt stuff and do a memory wipe.
|> |
|> |>So add a RAM wipe right at the end of the halt sequence (in
|> |>addition to other security measures like storing keys in unused
|> |>corners of video card SRAM).
|> |
|> | Scrubbing page tables making a good start. Much quicker than the
|> | whole RAM - which could span gigabytes for the well-endowed.
|>
|> How about a special space set aside in RAM that the kernel is aware of,
|> which the storing of keys would make use of in lieu of regular RAM.
|> That way the key can get wiped first, and any unencrypted data in the
|> rest of RAM can be done later.
|
| Being able to mark pages as 'I need to be wiped' by the kernel would be
| cool. Then again the only sure thing is to wipe all memory. Developers
| make mistakes, software has design flaws. Best to wipe it all.

I agree. But maybe we can have some means to designate priority for cases
when CPU operating time might be very limited because AC power to PSU is
gone.


|> How easy would it be to have some addressable memory, even if slower,
|> implemented via the PCI bus? A plug-in PCI card with some genuine SRAM
|> that loses data the instant the power is lost could be used. Even better
|> would be to have such a card with crypto hardware in it, so the key never
|> needs to be read back into DRAM once stored in the card when the system
|> boots up and the key is provided by the human user.
|
|
| Hmm that gives me an idea. I bet someone right now today could create a
| little battery powered piggyback board that sits between your
| motherboard and your RAM modules. It could detect powerdown and do the wipe.

Or maybe a PCI card with DMA?

It could also have a header to attach intrusion detectors and do a system
reset at the same time.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-02-27-1454@ipal.net |
|------------------------------------/-------------------------------------|
