
On the one hand, hibernate could just zero out the secret memory instead of storing it, which would be trivial to detect by an application by checking if guard values were set to zero. On the other hand, using hibernate significantly increases the risk of leaking parts of the secret that might temporarily end up on the stack or other less protected memory regions. So the tradeoff in program complexity might not be worth it; of course, at that point you could still disable hibernate system-wide.


> which would be trivial to detect by an application by checking if guard values were set to zero.

    if(data->guard != 0) {
        // Hibernation happens here.
        process(&data);
    }


You would have to check the guard after process and throw away the result if guard changed.

Edit: I think something similar is used to avoid time-related system calls: the values are just mapped into the application address space, and the kernel updates time and guard values concurrently with the application.


> just zero out the secret memory

Or pipe in /dev/urandom for that matter
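Added example, not code from any commenter in this thread: the check-before-and-after pattern described above, with the guard compared against a fixed expected value so that a random fill is caught as well as a zero fill. The struct layout, the `GUARD` constant, the `wipe_*` functions (stand-ins for the hypothetical hibernate behaviour) and the toy XOR `use_secret` are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0x5EC2E7C0FFEE1234ULL /* constructed constant: any fixed nonzero value */

struct secret {                 /* hypothetical layout: key bracketed by guards */
    volatile uint64_t head;     /* volatile: may change behind the program's back */
    uint8_t key[32];
    volatile uint64_t tail;
};

void secret_init(struct secret *s) {
    for (size_t i = 0; i < sizeof s->key; i++) s->key[i] = (uint8_t)(i + 1);
    s->head = GUARD; s->tail = GUARD;
}

/* Stand-ins for the hypothetical hibernate behaviour discussed in the thread. */
void wipe_zero(struct secret *s)  { memset(s, 0x00, sizeof *s); }
void wipe_noise(struct secret *s) { memset(s, 0xA5, sizeof *s); } /* constructed "random" fill */
int guard_nonzero(const struct secret *s) { return s->head != 0 && s->tail != 0; }
int guard_intact(const struct secret *s)  { return s->head == GUARD && s->tail == GUARD; }

/* Toy process(): XOR-folds the key. `mid` fires halfway to model hibernation
 * landing inside the window between the first check and the end of the work. */
int use_secret(struct secret *s, void (*mid)(struct secret *), uint8_t *out) {
    uint8_t acc = 0;
    if (!guard_intact(s)) return -1;            /* check before */
    for (size_t i = 0; i < sizeof s->key; i++) {
        if (mid && i == sizeof s->key / 2) mid(s);
        acc ^= s->key[i];
    }
    if (!guard_intact(s)) return -1;            /* check after: acc is discarded */
    *out = acc;
    return 0;
}

int main(void) {
    struct secret s;
    uint8_t out = 0;
    secret_init(&s);
    int rc = use_secret(&s, NULL, &out);
    printf("undisturbed:    rc=%d out=%u\n", rc, out);
    secret_init(&s);
    printf("zeroed mid-run: rc=%d\n", use_secret(&s, wipe_zero, &out));
    secret_init(&s);
    printf("noise mid-run:  rc=%d\n", use_secret(&s, wipe_noise, &out));
    printf("after noise: nonzero test=%d, exact test=%d\n", guard_nonzero(&s), guard_intact(&s));
    return 0;
}
```

The after-check only tells the caller that the result is invalid; partial values such as `acc` have already been on the stack by then, which is the leak risk the first comment raises.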



