针对冷启动攻击:如何限制Haskell中的敏感信息 [英] Against cold boot attacks: how to restrain sensitive information in Haskell
问题描述
在程序退出后,有什么方法可以确保密钥材料从内存中安全地擦除?能够手动清除并保持程序运行会更好。正如Haskell使用自动化垃圾收集(如果存在大量可用内存,这可能根本不会发生?),我认为第二项任务是不可能的。可以使用FFI实现这些目的吗?
当不再需要GHC时,所以仅仅退出记忆就无法实现你的目标。垃圾收集是一项复杂的业务,但通常无法确保您的安全数据的旧副本不会返回到操作系统内存池。
但是操作系统在将其分配给另一个进程之前会将您的内存留空。如果你不相信操作系统来保证你的内存安全,那么你就有更大的问题。
我不确定你的意思是不可靠。 Haskell GC是可靠的,但该程序对发生的事情几乎没有可见性。
然而,如果您仅仅关心加密密钥而不是大的复杂数据结构那么生活会变得更好。您可以使用外国指针指向您的密钥的内存位置,然后将该位内存消隐到您的最终程序的一部分中。你甚至可以编写一些代码来分配一块内存,它和 mlocks 然后根据请求将外部指针转交给该内存的密钥大小块,最后擦除密钥的终结者。这可能会做你想做的。一个ForeignPtr的关键在于它保证不会被GC移动或重新解释。
Is there any way to ensure key material gets securely erased from the memory after the program exits? Being able to erase it manually and keep the program running would be even better. As Haskell uses automated garbage collection (which may not happen at all if there is loads of free memory?), I assume that the second task is impossible. Could something that serves the purpose be implemented using FFI?
GHC can return memory to the OS when it is no longer needed, so merely blanking the memory on exit won't achieve your goal. Garbage collection is a complicated business, but there is in general no way to ensure that old copies of your secure data are not returned to the OS memory pool.
However the OS will blank your memory before allocating it to another process. If you don't trust the OS to keep your memory secure then you have a much bigger problem.
I'm not sure what you mean by "unreliable"; Haskell GC is reliable, but the program has comparatively little visibility of what is happening.
However if you are concerned merely with a cryptographic key rather than a big, complicated data structure then life gets a bit better. You can use a Foreign Pointer to point to a memory location for your key, and then make blanking that bit of memory into a part of your finaliser. You can even write a bit of code that allocates a block of memory, mlocks it, and then hands off foreign pointers to key-sized chunks of that memory on request, with finalisers that wipe the key. That would probably do what you want.
The point of a ForeignPtr is that it is guaranteed not to be moved or re-interpreted by the GC.
这篇关于针对冷启动攻击:如何限制Haskell中的敏感信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
