Protecting sensitive data in software products and in generating core dumps
Abstract
Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.
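The run-time half of the abstract can be sketched in C. This is an added illustration, not code from the patent: a table stands in for the secure data section, and a crash handler scrubs the registered locations before the default action writes the core. All names (`secure_register`, `secure_scrub`, `secure_install`, `demo`) are hypothetical, and scrubbing in place inside a signal handler is an assumption about where the hiding step runs.

```c
#include <signal.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical "storage information": where one secret lives and how long it is. */
struct secure_entry { volatile unsigned char *addr; size_t len; };

/* Stand-in for the secure data section: a fixed table the dump path can scan. */
#define SECURE_MAX 16
static struct secure_entry secure_section[SECURE_MAX];
static volatile size_t secure_count;

/* Run-time update: record the location of a piece of sensitive data. */
int secure_register(void *addr, size_t len) {
    if (addr == NULL || len == 0 || secure_count >= SECURE_MAX) return -1;
    secure_section[secure_count].addr = addr;
    secure_section[secure_count].len = len;
    secure_count++;
    return 0;
}

/* Scan the section, locate each secret and overwrite it; zeroing cannot be
 * reversed. Volatile stores keep the compiler from eliding the wipe. */
size_t secure_scrub(void) {
    size_t wiped = 0;
    for (size_t i = 0; i < secure_count; i++) {
        for (size_t j = 0; j < secure_section[i].len; j++)
            secure_section[i].addr[j] = 0;
        wiped += secure_section[i].len;
    }
    return wiped;
}

/* Assumed dump path: scrub first, then let the default action write the core. */
static void on_crash(int sig) { secure_scrub(); signal(sig, SIG_DFL); raise(sig); }

int secure_install(void) {
    return (signal(SIGSEGV, on_crash) == SIG_ERR ||
            signal(SIGABRT, on_crash) == SIG_ERR) ? -1 : 0;
}

/* Constructed sample: returns 1 if only the registered field was wiped. */
int demo(void) {
    static struct { char user[8]; char password[24]; } s = { "alice", "constructed-secret" };
    static const char zero[sizeof s.password];
    if (secure_register(s.password, sizeof s.password) != 0) return 0;
    if (secure_scrub() < sizeof s.password) return 0;
    return memcmp(s.password, zero, sizeof zero) == 0 && strcmp(s.user, "alice") == 0;
}

int main(void) { return demo() ? 0 : 1; }
```

Only data that was registered is hidden; copies of a secret left in other buffers, registers or freed heap memory would still reach the dump.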
20 Claims
1. A method of protecting sensitive data when a core dump is generated, said method comprising:
- updating, at run-time of an executable file, by one or more processors, a secure data section of a memory of a computer, to include storage information of sensitive data indicating a location of the sensitive data;
- scanning, by the one or more processors, the memory of the computer to find the secure data section in the memory;
- acquiring, by the one or more processors, the sensitive data, by utilizing the storage information to locate the sensitive data corresponding to the storage information;
- processing, by the one or more processors, the sensitive data to hide the sensitive data, wherein hiding the sensitive data is not reversible; and
- generating, by the one or more processors, a core dump file, wherein the core dump file does not comprise the sensitive data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- a memory;
- one or more processors in communication with the memory; and
- program instructions executable by the processor via the memory to perform a method, the method comprising;
  - updating, at run-time of an executable file, by the one or more processors, a secure data section of a memory of a computer, to include storage information of sensitive data indicating a location of the sensitive data;
  - scanning, by the one or more processors, the memory of the computer to find the secure data section in the memory;
  - acquiring, by the one or more processors, the sensitive data, by utilizing the storage information to locate the sensitive data corresponding to the storage information;
  - processing, by the processor, the sensitive data to hide the sensitive data; and
  - generating, by the processor, a core dump file, wherein the core dump file does not comprise the sensitive data.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product comprising:
- a computer readable storage medium readable by one or more processors and storing instructions for execution by the one or more processors for performing a method comprising;
  - updating, at run-time of an executable file, by the one or more processors, a secure data section of a memory of a computer, to include storage information of sensitive data indicating a location of the sensitive data;
  - scanning, by the one or more processors, the memory of the computer to find the secure data section in the memory;
  - acquiring, by the one or more processors, the sensitive data, by utilizing the storage information to locate the sensitive data corresponding to the storage information;
  - processing, by the processor, the sensitive data to hide the sensitive data; and
  - generating, by the processor, a core dump file, wherein the core dump file does not comprise the sensitive data.

Dependent claims: 18, 19, 20