
Secure coding: secure data in the JVM heap – risks and best practices



Protecting confidential data, such as passwords, cryptographic keys, personal information or sensitive trade secrets, is one of the central challenges for software developers. While many security measures focus on encrypting data in storage (at rest) or during transmission (in transit), one attack vector is often underestimated: the security of sensitive information in memory.






Since 1996, Swen has been programming Java in industrial projects, and for more than 15 years in industries such as automotive, space travel, insurance, banking, the UN and the World Bank. For 10 years he has been at conferences and community events from the US to New Zealand, has worked as a developer advocate for JFrog and Vaadin, and regularly writes for IT magazines and technology portals. In addition to his main topic, Core Java, he is engaged with TDD and secure coding practices.


Data held in memory is potentially exposed in various ways, such as memory dumps, heap analysis, side-channel attacks or insecure memory management. Especially in programming languages with automatic memory management such as Java, the challenge is that developers have only limited control over when sensitive data is actually removed from memory.

Effective protection therefore requires proven practices such as deliberate handling of the memory life cycle, reducing how long sensitive data is stored, and using targeted mechanisms to avoid memory leaks and to clear memory. In this article we look at general best practices, security risks and concrete measures in Java for effectively protecting confidential data in memory.

To protect confidential data in RAM against techniques such as memory dumps, heap analysis or side-channel attacks, a structured protective approach is required that covers the entire life cycle of this data in memory. This ranges from avoiding unnecessary storage of sensitive information, through secure and controlled processing, to the consistent and irreversible deletion of the data.

Storage: reducing the retention time of sensitive information

A central measure for increasing data security is to limit the time confidential information spends in RAM to the absolute minimum. Sensitive data should only be held in RAM when it is required for direct processing, and should then be removed immediately. This reduces the risk of unauthorized extraction through memory analysis or forensic techniques.

In practice, however, security-critical information is often kept in memory for long periods, particularly because of inadequate memory management strategies or unnecessary intermediate storage. For example, credentials, cryptographic keys or personal data are often held long term in variables or data structures, although they are no longer needed once the transaction has completed.

It is therefore necessary to build mechanisms into the software architecture that deliberately reduce how long data is retained in memory. This includes the use of memory-conscious algorithms (as the following examples show), the implementation of restrictive caching strategies and the avoidance of unnecessary copies of sensitive data within the software architecture.

Processing: temporary and protected use of sensitive data

While confidential data is being processed, it should be available in memory only for the duration of the calculation or transaction. A sustainable security strategy requires not only reducing the period in which the data is available, but also targeted protection against potential attacks.

In particular, cryptographic operations should be performed in protected memory areas to ensure that security-critical information is not stored in RAM. The use of dedicated security modules or separate memory areas can contribute to more effective protection.

In addition, it should be ensured that sensitive data does not accidentally end up in log files or other persistent storage during processing. Debugging mechanisms and memory analysis must not be deployed in any way that discloses security-relevant information. Restricting access to running processes and deactivating debugging functionality in production environments contribute significantly to reducing possible attack vectors.

Deletion: ensuring irreversible removal of sensitive data

An often underestimated but security-critical aspect is the secure and timely removal of confidential data from memory. Due to the design of many programming languages and operating systems, memory areas that are no longer referenced are often released only by mechanisms such as automatic garbage collection. Consequently, sensitive information may remain in memory for a non-deterministic period, even if it is no longer needed from the application's perspective.

To avoid this, developers should use explicit memory-clearing mechanisms, in particular overwriting the data with neutral or random values before resources are released. This measure ensures that no reconstructable data fragments remain in memory that could be extracted by forensic techniques.

In addition, it should be ensured that sensitive data is not accidentally written out to log files, temporary files or persistent storage structures such as swap areas. This requires strict access controls and regular security checks to ensure that the entire life cycle of confidential data in memory is adequately managed.
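
The three stages above (short retention, protected processing, explicit overwriting) combined in one Java sketch. This is an added example, not code from the original article; the class name `SensitiveChars`, the sample password and the PBKDF2 parameters are assumptions chosen for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class InMemorySecretDemo {
    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input; real code would take the char[] from Console.readPassword().
        char[] input = "constructed-sample-password".toCharArray();
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] key = null;
        try (SensitiveChars secret = new SensitiveChars(input)) { // lifetime = this block
            key = secret.deriveKey(salt);
            System.out.println("secret in logs: " + secret + ", key bytes: " + key.length);
        } finally {
            if (key != null) Arrays.fill(key, (byte) 0); // key material is sensitive too
        }
        System.out.println("caller buffer wiped: " + (input[0] == '\0'));
    }
}

/** Hypothetical helper: holds a secret in a mutable char[] and overwrites it on close. */
final class SensitiveChars implements AutoCloseable {
    private final char[] value;
    private boolean wiped;

    SensitiveChars(char[] source) {
        this.value = Arrays.copyOf(source, source.length); // the only copy this class keeps
        Arrays.fill(source, '\0');                          // overwrite the caller's buffer
    }

    /** Derives a key without converting the secret to an immutable String. */
    byte[] deriveKey(byte[] salt) throws GeneralSecurityException {
        if (wiped) throw new IllegalStateException("secret already wiped");
        PBEKeySpec spec = new PBEKeySpec(value, salt, 210_000, 256); // spec copies the chars
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // overwrite the copy held inside the spec
        }
    }

    @Override public void close() { Arrays.fill(value, '\0'); wiped = true; }

    @Override public String toString() { return "SensitiveChars[redacted]"; } // safe to log
}
```

Overwriting shortens the exposure window but is not a guarantee: a compacting garbage collector may have relocated the array earlier and left a stale copy in freed heap space, so restricting heap dumps and debugger access in production remains necessary.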

