Sensitive data in Java heap dumps
I write software that deals with various pieces of sensitive information such as email addresses, passwords and credit card numbers.
When we're having memory trouble, it'd be nice to have the application write a heap dump. Problem is that the heap dump may contain sensitive information in plain text if a thread happens to be working in the area... we don't really want that written to disk when we take such great pains to encrypt it everywhere else.
Are there means of dealing with this such as causing the JVM to write an encrypted dump?
I've been considering handling this outside of the VM. A naive approach might be to have the JVM write the dump to an encrypted loopback device. Of course this isn't totally secure as anyone with root access can get to the mount point, but this is the sort of solution I'm expecting. I might see if I can set up a FIFO that the JVM ends up writing to. I know the filename that the VM will use, so this might work depending upon how the VM would cope with that. (Later: This doesn't work. The JVM complains with "File exists".)
Using char arrays only mitigates the problem, but it's still possible that the array will contain some plain text at dump time.
The short answer is not completely. At some point you have to have the data in the clear to use it and in garbage collected VMs you can't control when objects are physically removed from memory. The only real strategy to minimize risk is to remove all references to the unencrypted confidential data as quickly as possible. It won't guarantee that no confidential data will be written in a memory dump but if someone can do that then they can already get to the critical information.
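As an added example (not code from the question or either answer) of the mitigation the comment and this answer both describe: keep the plaintext in a char[] for as short a window as possible and overwrite it afterwards, here combined with PBEKeySpec.clearPassword(), which exists for the same reason. The class name, the callback interface and the sample password are assumptions of mine.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, not code from the question or its answers: hold the
// plaintext in a char[] for the shortest window possible and overwrite it in a
// finally block, so a dump taken *after* use no longer contains it. A dump taken
// *during* the window still does; this narrows exposure, it does not remove it.
public final class ScopedSecret {

    @FunctionalInterface
    public interface SecretUser<R> {
        R apply(char[] secret) throws Exception;
    }

    /** Runs user with the secret, then wipes the array even if user throws. */
    public static <R> R use(char[] secret, SecretUser<R> user) throws Exception {
        try {
            return user.apply(secret);
        } finally {
            Arrays.fill(secret, '\0'); // overwrite; dropping the reference alone leaves the chars until GC
        }
    }

    /** Derives a PBKDF2 key; PBEKeySpec keeps its own copy of the password, so clear that too. */
    public static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; note the literal "hunter2" itself is interned and stays
        // in the heap, which is why real code reads passwords as char[] directly,
        // e.g. System.console().readPassword(), and never via a String.
        char[] password = "hunter2".toCharArray();
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] key = use(password, secret -> deriveKey(secret, salt));
        System.out.println("derived key bytes: " + key.length);
        System.out.println("password after use: " + Arrays.toString(password));
        Arrays.fill(key, (byte) 0); // the derived key is sensitive as well
    }
}
```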
Paypal has recently published a tool to remove sensitive data from heap dumps:
https://github.com/paypal/heap-dump-tool