Method and device for eliminating sensitive data of Linux system memory

A technology for sensitive data in system memory, classified under program control devices and program loading/starting, that addresses problems such as the inability to completely clear sensitive data and low efficiency, and achieves low power consumption and strong compatibility.

Active Publication Date: 2014-08-27
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] However, the existing PaX patches still have deficiencies such as low efficiency and an inability to fully remove sensitive data.

Examples


Embodiment 1

[0042] Embodiment 1. A method for clearing sensitive data in Linux system memory, including:

[0043] 101. When a process calls the close system call to close a file, or when a process exits and calls exit_files to close its unclosed files, locate the corresponding address space structure struct address_space through the file structure struct file, and determine whether the inode structure corresponding to the file being closed has dirty pages; if so, call the vfs_fsync function to write back only the dirty pages of the file to disk. Then traverse the radix tree in the located address space structure, delete all pages in the radix tree, zero them, and release them to the free area;

[0044] 102. Construct a read-write linked list in each process to record the start address (address) and data length (length) in the device cache whenever data is read from or written to a device file; when the read system call or the write system call exits, traverse the read-write link...
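The ordering in step 101 (write back dirty pages, then zero, then release) can be seen in a small userspace model. This is an added example, not kernel code and not the patent's implementation: `struct file_model`, `close_file`, `scrub`, `residue`, `demo`, the toy page size and the secret string are all constructed for illustration, and step 102 is not modelled.

```c
#include <stdio.h>
#include <string.h>
enum { PAGE_SZ = 32, NPAGES = 2 };        /* toy sizes (assumption), not the kernel's PAGE_SIZE */
struct page { unsigned char data[PAGE_SZ]; int dirty, free; };
struct file_model {                       /* hypothetical stand-in for struct file + address_space */
    struct page *cache[NPAGES];           /* plays the role of the radix tree */
    unsigned char disk[NPAGES][PAGE_SZ];  /* backing store */
};

/* Volatile stores so the compiler cannot drop the zeroing as a dead store. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Close path. zero_on_close = 0 releases pages uncleared; 1 follows step 101. */
static void close_file(struct file_model *f, int zero_on_close) {
    for (int i = 0; i < NPAGES; i++) {
        struct page *pg = f->cache[i];
        if (!pg) continue;
        if (pg->dirty) { memcpy(f->disk[i], pg->data, PAGE_SZ); pg->dirty = 0; }  /* write back first */
        if (zero_on_close) scrub(pg->data, PAGE_SZ);
        pg->free = 1; f->cache[i] = NULL;  /* leaves the cache, returns to the free area */
    }
}

/* Count non-zero bytes left in pages that sit in the free area. */
static int residue(const struct page *pool, int n) {
    int bytes = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; pool[i].free && j < PAGE_SZ; j++)
            bytes += pool[i].data[j] != 0;
    return bytes;
}

/* One write/close cycle over a constructed secret; -1 means write-back lost the data. */
static int demo(int zero_on_close) {
    struct page pool[NPAGES] = {0};
    struct file_model f = {0};
    f.cache[0] = &pool[0];
    memcpy(pool[0].data, "pin=4921", 8); pool[0].dirty = 1;
    close_file(&f, zero_on_close);
    return memcmp(f.disk[0], "pin=4921", 8) == 0 ? residue(pool, NPAGES) : -1;
}

int main(void) {
    printf("uncleared release: %d residual bytes; step 101: %d\n", demo(0), demo(1));
    return 0;
}
```

Zeroing before the write-back would persist zeros instead of the file's data, which is why the dirty check comes first.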

Embodiment 2

[0132] Embodiment 2. A device 90 for clearing sensitive data in Linux system memory, as shown in Figure 9, including:

[0133] The file data clearing module 901, which, when a process calls the close system call to close a file, or when a process exits and calls exit_files to close its unclosed files, locates the corresponding address space structure struct address_space through the file structure struct file and determines whether the inode structure corresponding to the file being closed has dirty pages; if so, it calls the vfs_fsync function to write back only the dirty pages of the file to disk. It then traverses the radix tree in the located address space structure, deletes all pages in the radix tree, zeroes them, and releases them to the free area;

[0134] The device data clearing module 902, which constructs a read-write linked list in each process to record the start address (address) and data length (length) in the device cache when reading or wr...


Abstract

The invention provides a method and device for clearing sensitive data from Linux system memory. In the method, when a process calls the close system call to close a file, or exit_files is called to close unclosed files because the process exits, the corresponding struct address_space is located through the struct file, and if the inode structure corresponding to the file being closed is found to have dirty pages, the vfs_fsync function is called so that the dirty pages of the file are written back to disk; the radix tree in the located address space structure is traversed, and all pages in the radix tree are deleted, zeroed and then released to the free area. A read-write linked list is established in each process, and the start address and data length in the device cache are recorded when data of a device file is read or written; when the read or write system call exits, the read-write linked list is traversed, and for each node the data in the address range from address to address plus length is zeroed.

Description

Technical field

[0001] The invention relates to the technical field of memory data security in computer operating systems, and in particular to a method and device for clearing sensitive memory data on a Linux system.

Background technique

[0002] With the development of science and technology, memory security, especially the security of sensitive user data, which is closely watched by computer operating system security conferences and IT companies, has become an important part of computer operating system security. With the need to improve system performance and the growth of memory space, the trend of placing more and more data in memory presents new challenges.

[0003] Because clearing the data in a physical page frame of physical memory incurs a relatively large delay, the memory management module of the traditional Linux system releases a physical page frame only by releasing the process page table entry and the corr...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F9/445
Inventor: 涂碧波, 朱民, 孟丹
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI