Method To Generate Declassified Dump File Using Source Code Annotations

IP.com Disclosure Number: IPCOM000235867D
Publication Date: 2014-Mar-28
Document File: 2 page(s) / 32K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to generate declassified dump files using source code annotations. Kernel crash dumps typically contain sensitive data, such as crypto keys and confidential data, that customers would want to scrub before sending the dump to service personnel. Tools are available to compress dump files and filter out predefined types of data pages, but they are not flexible enough to erase specific kernel data. We propose a technique that uses compiler directives to annotate data structures containing sensitive information in the source code. The compiler recognizes these annotations and generates suitable sections in the kernel image file, which are also loaded along with the kernel image. During a system crash, this section is read from the second kernel or the panic path to identify and scrub sensitive information before the dump file is generated, thus producing declassified dump files.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Authors: Aravinda Prasad, Mahesh J Salgaonkar

A kernel crash dump is a snapshot of the system state and memory at the time of the crash. It typically contains sensitive data that customers would want to scrub before sending the dump to service personnel for analysis. This includes crypto keys, confidential data and the like. Service personnel use tools such as gdb and crash to analyze the crash dump. These tools allow one to look at the kernel stack, back traces of all the processes, formatted kernel structures and variables, virtual memory data, dumps of linked lists, etc., along with several commands that delve deeper into specific kernel subsystems. Hence sending out an un-scrubbed dump carries a risk of exposing encryption keys, passwords and/or confidential data.

Confidential or sensitive data present in core dumps is considered a serious issue. We use the Linux kernel as an example to demonstrate the presence of such data in kernel dumps. The structure "keys" represents units of cryptographic data, authentication tokens, keyrings, etc., in the Linux kernel. Each key has a number of attributes such as serial number, type, access control information, payload, etc. The keys are chained into the "keyring_name_hash" global variable. The payload is a quantity of data that represents the actual "key". When the system crashes, the kernel dump contains data related to the key and its payload. Hence it is essential to scrub such data in the dump file.

Proposed is a technique to generate declassified core dump files. In this technique, the kernel data structures that contain sensitive or confidential information are annotated using compiler directives in the source code. The compiler generates a separate note section for all these annotations. The note section contains a symbol, size pair and is also loaded into memory. The loader processes all the relocations in the note section and hence, when loaded, the note section contains the pair. When the kernel crashes, the second kernel reads the contents of the note section and, for each entry, poisons the virtual address for the specified size. Poisoning can also be done in the panic path. Thus confidential or sensitive data is scrubbed before the dump file is created.

While we have specifically explained the generation of a declassified dump file in the kernel context, we believe this can be extended to all software programs/products for which core dump files are generated on an exception. Extending the concept to other software programs/products is straightforward, and scrubbing can be done in the gencore path for user applications/programs.
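The annotation scheme can be tried out in user space with GCC or Clang and an ELF linker. The following is an added example, not code from the disclosure. The macro name `SENSITIVE`, the section name `scrub_note`, the poison byte and the sample data are assumptions, and each record stores the address directly (resolved by relocation) together with the size.

```c
#include <stddef.h>
#include <stdio.h>

/* One record per annotated object: where it lives and how many bytes to poison. */
struct scrub_entry { void *addr; size_t size; };

/* Hypothetical annotation: emits a record into the ELF section "scrub_note".
 * The object's address is filled in by relocation at link/load time. */
#define SENSITIVE(var) \
    static struct scrub_entry scrub_##var \
        __attribute__((used, section("scrub_note"))) = { &(var), sizeof(var) }

/* GNU-style linkers define these bounds for sections named like C identifiers. */
extern struct scrub_entry __start_scrub_note[], __stop_scrub_note[];

#define POISON_BYTE 0x5a  /* assumed poison pattern */

/* Constructed sample data: two sensitive objects and one that must survive. */
struct token { int serial; char payload[24]; };
static unsigned char session_key[32] = "constructed-sample-key-material";
static struct token auth_token = { 7, "constructed-token" };
static char hostname[16] = "build-host-01";
SENSITIVE(session_key);
SENSITIVE(auth_token);

/* Walk the note section and poison every annotated range; returns bytes scrubbed.
 * Intended to run on the crash path, before the dump is written. */
size_t scrub_sensitive(void)
{
    size_t total = 0;
    for (struct scrub_entry *e = __start_scrub_note; e < __stop_scrub_note; e++) {
        volatile unsigned char *p = e->addr;  /* volatile: stores must not be elided */
        for (size_t i = 0; i < e->size; i++)
            p[i] = POISON_BYTE;
        total += e->size;
    }
    return total;
}

/* Returns 1 if every byte of the range carries the poison pattern. */
int is_poisoned(const void *buf, size_t n)
{
    const unsigned char *p = buf;
    for (size_t i = 0; i < n; i++)
        if (p[i] != POISON_BYTE) return 0;
    return 1;
}

int main(void)
{
    printf("scrubbed %zu bytes, hostname kept: %s\n", scrub_sensitive(), hostname);
    return 0;
}
```

Only annotated objects are touched, so anything a developer forgets to mark still reaches the dump; coverage depends on the annotations being complete.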

Advantages:


- Helps in identifying...