Abstract - Security Symposium - 2000
Encrypting Virtual Memory
Niels Provos, University of Michigan
In modern operating systems, cryptographic file systems can protect
confidential data from unauthorized access. However, once an
authorized process has accessed data from a cryptographic file system,
the data can appear as plaintext in the unprotected virtual memory
backing store, even after system shutdown. The solution described in
this paper uses swap encryption for processes in possession of
confidential data. Volatile encryption keys are chosen randomly, and
remain valid only for short time periods. Invalid encryption keys are
deleted, effectively erasing all data that was encrypted with them.
The swap encryption system has been implemented for the UVM
virtual memory system and its performance is acceptable.