
Protecting Memory Secrets: Difference between revisions

m
Fixed typos, missing words etc.
Line 12:
 
- secrets: information like credit card or social insurance numbers, passwords, cryptographic keys or IV's, random number seeds, etc.
- threats: things like memory scrapers that may not even be written in the same language - don't assume the only threat is code written in your language.
 
The object of the task is to show how to minimize the exposure of secret data, basically to remove it or render it unrecoverable at a point in time such as a specific event (e.g. authorization of a transaction, completion of a transaction, completion of a process, removal of plain text after encryption, etc.).
Line 35:
2. Managed Memory (garbage collectors)
 
In languages like Java and .Net, which manage memory for the programmer, this can be challenging. Many of these represent some types of data (e.g. strings) as immutable objects, so zeroing them isn't possible. Simply discarding them and waiting for the garbage collector to possibly sort things out doesn't meet the intent. If your language has a type for secrets or a guaranteed destructor that would work, this is exactly what this task is for.
 
a) If possible switch to a mutable data type. In some languages strings are immutable but arrays of single characters or even numbers are not and can be "zeroed" out.
Line 47:
e) Call out to a platform function or API that will contain and manage the secret.
 
f) Call out to a custom external function that will or could maintain and manage the secret (just show an external call, no need to write the external function).
 
g) Something completely different that achieves the same goal.
 
Part of your solution will be to describe what you are doing and the "secret sauce" that lets it work (i.e. how you overcame challenges). References (links, book references) to supporting language features, APIs, etc. will be important to any developer needing to use this technique to comply with a standard.
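As an added example (not from the task page or from any Rosetta Code solution), here is how option (a) combined with option (e) looks in Python, another managed-memory language whose strings are immutable: the secret lives in a mutable bytearray, is compared in place, is overwritten through a libc memset call at a defined point, and the wipe is verified; the last function shows the pitfall that an immutable copy made before the wipe survives it. The SecretBuffer class, its methods and the sample secrets are constructed for this example.

```python
import ctypes
import hmac


class SecretBuffer:
    """Hold a secret in a mutable bytearray so it can be overwritten in place.
    Constructed example; the class is not part of the task page."""

    def __init__(self, data):
        self._buf = bytearray(data)   # mutable copy; the caller should drop its own
        self.wiped = False

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        self.wipe()                   # wipe at a defined event: leaving the block
        return False

    def matches(self, candidate):
        # Compare without creating an immutable copy: memoryview reads the
        # bytearray in place and compare_digest runs in constant time.
        if self.wiped:
            raise ValueError("secret already wiped")
        return hmac.compare_digest(memoryview(self._buf), memoryview(candidate))

    def wipe(self):
        # Platform call (option e): libc memset over the bytearray's own storage.
        n = len(self._buf)
        if n:
            raw = ctypes.c_char.from_buffer(self._buf)   # shares storage, no copy
            ctypes.memset(ctypes.addressof(raw), 0, n)
            del raw                                       # release the buffer export
        self.wiped = True

    def is_zeroed(self):
        # Confirm the bytes really are unrecoverable, as the standards require.
        return self.wiped and not any(self._buf)


def check_pin(presented):
    """Load the secret, compare it, and wipe it when the block ends."""
    with SecretBuffer(b"4921") as pin:       # constructed sample secret
        ok = pin.matches(presented)
    return ok, pin.is_zeroed()


def immutable_copy_survives_wipe():
    """Pitfall from the text: bytes()/str() make an immutable copy the wipe cannot reach."""
    secret = SecretBuffer(b"hunter2")        # constructed sample secret
    leaked = bytes(secret._buf)              # accidental copy (e.g. for logging)
    secret.wipe()
    return secret.is_zeroed(), leaked == b"hunter2"
```

Any code path that turns the buffer into a str or bytes (formatting, logging, passing to an API that copies its input) re-creates the immutable object this approach is trying to avoid, so audit every consumer of the buffer, not only the wipe.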
 
 
Line 61:
 
* has two types of secrets called PAN (Primary Account Number) and SAD (Sensitive Authentication Data)
* don't keep secrets in working memory any longer than strictly necessary
* developers should have secure coding training for their language that includes managing sensitive data in memory
 
PCI Secure Software Standard (v1.2) [https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf PCI Secure Software Standard] see requirements 1.1 & 3.5
Line 68:
* has a broader definition of secrets or sensitive information
* implement methods to render transient sensitive data irretrievable and to confirm that sensitive data is unrecoverable after the process is complete even if it is only stored temporarily in program memory / variables during operation of the software
* requires knowledge of any platform or implementation level issues that complicate the erasure of transient sensitive data and to confirm that methods have been implemented to minimize the risk posed by these complications (methods may be external to your language).
 
See also [https://www.reddit.com/r/ProgrammingLanguages/comments/100tyxg/secrets_management_in_volatile_memory_best/ Reddit discussion of the issue]