Check out the new USENIX Web site. next up previous
Next: Performance Up: Evaluation Previous: Evaluation

Security evaluation

Figure 6: Excerpts from the core file of an induced crash in the ssh client. The top core file excerpt shows the stack with the password present - ``abracadabra'' from an unmodified ssh client. The middle core file is from a version of ssh that has been modified using the Scrash transformations and annotations. The password now resides in the secure region, but since the cleaning process has not yet been executed on the core file, the password is again present. The bottom core file shows that the cleaner overwrites the secure region, and all occurrences of the password have been removed.
\begin{figure}{\tiny\verbatiminput{smalloc-results}}
\end{figure}

We examined core files produced by our modified version of ssh to verify that sensitive information was placed only in the secure region and that the cleaning process properly eliminated sensitive data. Figure 6 shows the excerpts from three core files in which we induced a program crash. The top core file is the original version of ssh, in which the password is present on the stack. The middle core file is the result of running ssh after applying the Scrash transformations, in which the password resides in the secure heap. The final excerpt shows the result after running the cleaner.


next up previous
Next: Performance Up: Evaluation Previous: Evaluation
Naveen Sastry 2003-05-12