Secure garbage collection: Preventing malicious data harvesting from deallocated Java objects inside the Dalvik VM. (June 2015)
- Record Type:
- Journal Article
- Title:
- Secure garbage collection: Preventing malicious data harvesting from deallocated Java objects inside the Dalvik VM. (June 2015)
- Main Title:
- Secure garbage collection: Preventing malicious data harvesting from deallocated Java objects inside the Dalvik VM
- Authors:
- Anikeev, Maxim
Freiling, Felix C.
Götzfried, Johannes
Müller, Tilo - Abstract:
- Abstract: We study the problem of data exposure in main memory caused by insecure deallocation, which is still the default in all common memory management schemes. We propose declarative approaches to handle unreasonably long data lifetime at the programming language level, and present several directions on how current platforms can be improved to minimize the lifetime of confidential data. For the particularly difficult case of Java with its automated garbage collection approach, we present a specific implementation of our approach for the Dalvik VM runtime environment. We give the application level programmer of Android more control over memory by making garbage collection predictable, and by providing the ability to explicitly override and free memory. While the performance impact arising from our approach is negligible in most scenarios, we prove its effectiveness by validating that no freed Java objects can be traced in RAM at runtime anymore.
- Is Part Of:
- Journal of information security and applications. Volume 22(2015)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 22(2015)
- Issue Display:
- Volume 22, Issue 2015 (2015)
- Year:
- 2015
- Volume:
- 22
- Issue:
- 2015
- Issue Sort Value:
- 2015-0022-2015-0000
- Page Start:
- 81
- Page End:
- 86
- Publication Date:
- 2015-06
- Subjects:
- Secure deallocation -- Garbage collection -- Android Dalvik VM
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.jisa.2014.10.001 ↗
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 2749.xml