Solar Designer wrote:
> On Tue, Oct 30, 2012 at 11:29:17AM -0400, Thierry Moreau wrote:
>> Isn't memory-space cleanse() isolated from file system specifics except
>> for the swap space?
>
> Normally yes, but the swap space may be in a file (rather than a disk
> partition), or the swap partition may be in a virtual machine, which may
> reside in a file.
>
>> Is the SSD technology used for swap state in any of the OS distributions?
>
> It depends on how the OS is installed. Plenty of installs have swap on SSD.
>
>> Assuming that cleanse() has to deal only with L1 CPU cache, L2 CPU cache,
>> main memory, and swap space, I considered a periodical "swap space
>> sanitation" operation to be useful: add a new swap space partition,
>> remove an existing one, sanitize the removed one (low-level, below file
>> system), put it back into the available set of partitions. I did not
>> experiment in practice.
>>
>> But that "partition sanitation" strategy ought to be part of an "open
>> HSM" type of project.
>
> What kind of HSM is that where you expect to need swap at all? Just
> disable swap, unless you're using an OS that can't live without swap.

I don't know. The intended HSM is Linux-based with a selected set of
software components for its mission: server-side packages that would be
on the closed HSM's host are candidates for the open HSM context.

Then it's just a matter of the shortest route to finish: route a) secure
the swap, route b) monitor software components for maximum memory usage
vs physical mem plus make a memory exhaustion fault analysis.

> Alexander
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
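
Route b) from the message above, as an added example (not code from the thread or its participants): it parses text in the Linux `/proc/meminfo` and `/proc/<pid>/status` formats, reports which processes already have pages in swap, and compares the sum of per-process peak resident sizes (`VmHWM`) with physical memory. The process names and all sample values are constructed; summing `VmHWM` counts shared pages more than once and ignores kernel memory, so the headroom figure is a rough bound, not an exact one.

```python
import re

# Constructed sample inputs in /proc/meminfo and /proc/<pid>/status format.
SAMPLE_MEMINFO = """\
MemTotal:        2048000 kB
MemFree:          512000 kB
SwapTotal:       1048576 kB
SwapFree:        1040000 kB
"""
SAMPLE_STATUS = {  # hypothetical component names
    "keyd": "Name:\tkeyd\nVmHWM:\t  900000 kB\nVmRSS:\t  850000 kB\nVmSwap:\t       0 kB\n",
    "httpd": "Name:\thttpd\nVmHWM:\t 1300000 kB\nVmRSS:\t  700000 kB\nVmSwap:\t    8576 kB\n",
}


def parse_kb(text):
    """Return {field: value_in_kB} for every 'Field:  <n> kB' line."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^(\w+):[ \t]+(\d+) kB$", text, re.M)}


def audit(meminfo_text, status_by_name):
    """Summarise swap exposure and peak memory demand vs physical memory."""
    mem = parse_kb(meminfo_text)
    procs = {name: parse_kb(text) for name, text in status_by_name.items()}
    peak_sum = sum(p.get("VmHWM", 0) for p in procs.values())
    swap_total = mem.get("SwapTotal", 0)
    return {
        # Swap configured at all: secrets in memory can reach persistent storage.
        "swap_enabled": swap_total > 0,
        "swap_used_kb": swap_total - mem.get("SwapFree", 0),
        # Processes whose pages are in swap right now.
        "swapped_procs": sorted(n for n, p in procs.items()
                                if p.get("VmSwap", 0) > 0),
        "peak_sum_kb": peak_sum,
        # Negative headroom: peaks together exceed RAM, so running without
        # swap risks memory exhaustion (the fault analysis in route b).
        "headroom_kb": mem["MemTotal"] - peak_sum,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_MEMINFO, SAMPLE_STATUS).items():
        print(f"{key}: {value}")
```

On a live system the same functions can be fed the contents of `/proc/meminfo` and each component's `/proc/<pid>/status`.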