13.3. Preventing Memory from Being Paged to Disk
Problem
Your program stores sensitive data in memory, and you want to prevent that data from ever being written to disk.
Solution
On Unix systems, the mlock( ) system call is often implemented in such a way that locked memory is never swapped to disk; however, the system call does not necessarily guarantee this behavior. On Windows, VirtualLock( ) can be used to achieve the desired behavior; locked memory will never be swapped to disk.
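The Unix side of the solution, as an added example that is not taken from the book: a hypothetical `secret_buf` helper (the names `secret_alloc` and `secret_free` are assumptions) allocates whole pages, locks them with mlock( ), treats a failed lock as a hard error, and wipes the region before unlocking it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical helper type: a page-aligned region locked with mlock(). */
typedef struct { void *ptr; size_t len; } secret_buf;

/* Allocate whole pages and lock them. Returns 0 on success, -1 on failure;
 * on failure nothing is allocated and the secret must not be loaded. */
int secret_alloc(secret_buf *b, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    *b = (secret_buf){ NULL, 0 };
    if (page <= 0 || want == 0 || want > SIZE_MAX - (size_t)page) return -1;
    /* Round up so the lock covers only pages this buffer fully owns. */
    size_t len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    if (posix_memalign(&p, (size_t)page, len) != 0) return -1;
    if (mlock(p, len) != 0) {   /* e.g. RLIMIT_MEMLOCK exceeded */
        free(p);
        return -1;
    }
    *b = (secret_buf){ p, len };
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimized away,
 * then unlock and release the pages. */
void secret_free(secret_buf *b) {
    if (b->ptr == NULL) return;
    volatile unsigned char *v = b->ptr;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    munlock(b->ptr, b->len);
    free(b->ptr);
    *b = (secret_buf){ NULL, 0 };
}

int main(void) {
    secret_buf key;
    if (secret_alloc(&key, 32) != 0) {
        fputs("cannot lock memory; refusing to load key\n", stderr);
        return 1;
    }
    memset(key.ptr, 0xA5, 32);  /* constructed stand-in for key material */
    secret_free(&key);
    return 0;
}
```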
Discussion
Warning
The solutions presented here are not foolproof methods. Given enough time and resources, someone will eventually be able to extract the data from the program’s memory. The best you can hope for is to make it so difficult to do that an attacker deems it not worth the time.
All modern operating systems have virtual memory managers. Among other things, virtual memory enables the operating system to make more memory available to running programs by swapping the contents of physical memory to disk. When a program must store sensitive data in memory, it risks having the information written to disk when the operating system runs low on physical memory.
On Windows systems, the VirtualLock( ) API function allows an application to “lock” virtual memory into physical memory. The function guarantees that successfully locked memory will never be swapped to disk. However, preventing memory from swapping can have a significant negative performance impact on the system as a whole. Therefore, the amount ...