CN114138455B - Memory residual information clearing method, device, terminal and storage medium - Google Patents
- Publication number
- CN114138455B
- Authority
- CN
- China
- Prior art keywords
- memory block
- memory
- sensitive function
- clearing
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5011—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
- G06F9/5022—Mechanisms to release resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5011—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
- G06F9/5016—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a method, a device, a system, a terminal and a storage medium for clearing residual information from memory. A function whose data needs to be cleared is defined as a sensitive function; when the sensitive function is executed it applies for a special memory block, performs its business processing in that block, and, after the business processing is finished, clears the data in the block, thereby clearing the residual information in memory.
Description
Technical Field
The present application relates to the field of application system memory cleaning, and in particular, to a method, an apparatus, a terminal, and a storage medium for cleaning memory residual information.
Background
Generally, after an application system has used information in memory, it does not clean the memory it used. After a function (or method) of the program exits, the information it stored is still held in memory, and an attacker who scans the memory can obtain it. To protect this residual information, the function must overwrite the memory space that held the information before it returns, writing irrelevant (or garbage) information into that space; the memory space may also be zeroed.
The existing comprehensive clearing method clears the kernel stack when a system call exits; clears the data in the heap, stack and non-shared mapping areas of the process's user space when the process exits; releases the file's physical page frames in the page cache and clears their data when the process closes an opened file; and clears the data in the device cache when a read or write system call completes.
Applying targeted clearing at the multiple points where sensitive information can leak inhibits network attack activity in a given program. However, the kernel stack, anonymous user-space pages, page cache and device cache are each cleared in a different way, which increases the complexity of clearing residual information and keeping the system secure. The existing scheme clears physical memory page frames at the process level and at the level of the memory management modules, so it is complex and coarse-grained.
Disclosure of Invention
To solve the above problems, the present application provides a method, an apparatus, a terminal, and a storage medium for clearing residual information in memory, in which the application system clears information directly at the function level: the memory a function used has been overwritten by the time the function returns. The clearing logic is simple and efficient and has low complexity, and there is no need to wait for a system call to complete or a process to exit, so the clearing operation is carried out as early as possible and possible clearing failures are avoided.
In a first aspect, the present application provides a method for clearing remaining information in a memory, including the following steps:
defining a function needing to clear data information as a sensitive function;
and when the sensitive function is executed, applying for a special memory block, performing service processing in the special memory block, and after the service processing is finished, performing a clearing operation on data in the special memory block.
Further, applying for a special memory block when the sensitive function is executed specifically includes:
the sensitive function applies for the special memory block through memory mapping before the I/O operation.
Further, after the sensitive function applies for the special memory block through memory mapping, the method further comprises the following step:
closing the CPU cache of the applied special memory block.
Further, the special memory block applied for by the sensitive function comprises two pages; the sensitive function performs service processing on page 1, and page 2 is prefilled with a random number;
clearing the data in the special memory block after the business processing is completed specifically comprises the following step:
after the business processing is completed, the content of page 2 completely overwrites the content of page 1.
Further, prefilling page 2 with a random number specifically includes:
prefilling all of page 2 with 0xff, and obtaining a random number between 0 and 255;
filling a selected half of the contents of page 2 with the random number.
Further, after the data in the special memory block is cleared, the method further comprises the following step:
releasing the special memory block applied for by the sensitive function.
Further, the method comprises the following step:
when the sensitive function is executed, if another sensitive function needs to be called, the special memory block of the other sensitive function is passed as an input parameter of the call.
In a second aspect, the present application provides a memory residual information clearing device, including,
the sensitivity function definition module: defining a function needing to clear data information as a sensitive function;
the sensitive function execution module: and when the sensitive function is executed, applying for a special memory block, performing service processing in the special memory block, and after the service processing is finished, performing a clearing operation on data in the special memory block.
In a third aspect, a technical solution of the present application provides a terminal, including:
the memory is used for storing a memory residual information clearing program;
and the processor is used for realizing the steps of the memory residual information clearing method according to any one of the above steps when executing the memory residual information clearing program.
In a fourth aspect, the present application provides a readable storage medium, where a memory residual information clearing program is stored, where the memory residual information clearing program implements the steps of the memory residual information clearing method according to any one of the above steps when executed by a processor.
Compared with the prior art, the method, device, system, terminal and storage medium for clearing memory residual information have the following beneficial effects. A special memory block is applied for when the sensitive function is executed, the service processing is performed in the special memory block, and the data in the special memory block is cleared after the service processing is completed, so the residual information in memory is cleared. The application system clears information directly at the function level, and the memory a function used has been overwritten by the time the function returns. The clearing logic is simple and efficient and has low complexity, and there is no need to wait for a system call to complete or a process to exit, so the clearing operation is carried out as early as possible and possible clearing failures are avoided.
Drawings
For a clearer description of embodiments of the application or of the prior art, the drawings that are used in the description of the embodiments or of the prior art will be briefly described, it being apparent that the drawings in the description below are only some embodiments of the application, and that other drawings can be obtained from them without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a method for clearing remaining information in a memory according to an embodiment of the application.
Fig. 2 is a flowchart of a method for clearing remaining information in a memory according to an embodiment of the application.
Fig. 3 is a schematic block diagram of a memory residual information clearing device according to a second embodiment of the present application.
Fig. 4 is a schematic structural diagram of a terminal according to a third embodiment of the present application.
Detailed Description
In order to better understand the aspects of the present application, the present application will be described in further detail with reference to the accompanying drawings and detailed description. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The existing comprehensive method for clearing memory residue clears the kernel stack when a system call exits; clears the data in the heap, stack and non-shared mapping areas of the process's user space when the process exits; releases the file's physical page frames in the page cache and clears their data when the process closes an opened file; and clears the data in the device cache when a read or write system call completes. Applying targeted clearing at the multiple points where sensitive information can leak inhibits network attack activity in a given program. However, the kernel stack, anonymous user-space pages, page cache and device cache are each cleared in a different way, which increases the complexity of clearing residual information and keeping the system secure. The existing scheme clears physical memory page frames at the process level and at the level of the memory management modules, so it is complex and coarse-grained.
The application therefore provides a scheme for clearing memory residual information in which a sensitive function applies for a special memory block, carries out its business processing in that block, and clears the data in the block after the business processing is finished, so that the residual information in memory is cleared. The logic is simple and the complexity is low; information is cleared at the function level, when the function returns, which improves the efficiency of information clearing.
Example 1
Fig. 1 is a flowchart of a method for clearing remaining information in a memory according to a first embodiment, which includes the following steps.
S101, defining a function needing to clear data information as a sensitive function.
S102, applying for a special memory block when the sensitive function is executed, performing service processing in the special memory block, and clearing data in the special memory block after the service processing is completed.
The program of an application system comprises a number of functions, and the program calls these functions during execution to carry out business processing. For functions that involve sensitive information such as passwords and keys, the memory needs to be cleaned after the business has been processed. The existing scheme performs operations such as cleaning the kernel stack only before the whole program finishes processing and exits. This method defines a function whose data needs to be cleared as a sensitive function, has the sensitive function apply for a special memory block in which to carry out its service processing, and clears the data in the special memory block after the sensitive function's service processing is finished. The application system thus clears information directly at the function level, and the memory a function used has been overwritten by the time the function returns. The clearing logic is simple and efficient and has low complexity, and there is no need to wait for a system call to complete or a process to exit, so the clearing operation is carried out as early as possible and possible clearing failures are avoided.
It should be noted that the sensitive function may be used for processing sensitive data, or may be used for processing non-sensitive data, but is mainly used for processing sensitive data.
The sensitive function applies for a special memory block in which to process the business. The data to be processed must be read into the memory block, and after the business is processed the data is written out to other functions or sensitive functions. To avoid using the page cache mechanism, the special memory block is applied for as follows: the sensitive function applies for the special memory block through memory mapping before the I/O operation. In addition, after the sensitive function applies for the special memory block through memory mapping, the CPU cache of the applied special memory block is closed.
While the sensitive function is executing, it may need to call other functions or sensitive functions. If another sensitive function needs to be called, the special memory block of the other sensitive function is passed as an input parameter of the call.
It should be noted that the sensitive function may use a hardware encryption technique to encrypt the data in the internal private memory, so as to avoid the trust problem of the OS.
To clear the data in the special memory block, the special memory block applied for by the sensitive function in this embodiment comprises two pages: the sensitive function carries out service processing on page 1, and page 2 is prefilled with a random number. Correspondingly, clearing the data in the special memory block after the service processing is completed specifically comprises the following step: after the business processing is completed, the content of page 2 completely overwrites the content of page 1. That is, business processing is carried out on page 1, and after it is finished the random content of page 2 is written over the content of page 1, which eliminates the business data.
Wherein, the 2 nd page prefill random number specifically includes: all pre-filling 0xff on page 2, and applying a random number between 0 and 255; the selected half of the contents of page 2 is filled with the random number.
In particular, the sensitive function should also handle the abnormal condition (i.e., abnormal return condition) during the I/O operation, ensuring that the contents of page 1 are completely covered with the contents of page 2 before returning.
In addition, in order to ensure the memory use efficiency, in this embodiment, after the data in the dedicated memory block is cleared, the dedicated memory block applied by the sensitive function is released. After the memory block is released, the sensitive function returns.
In order to facilitate the test of the sensitive function, the sensitive function can be further organized into a sensitive function library, which can be a user state library or a core state library.
For further understanding of the present application, based on the above steps, a specific embodiment is provided in combination with the principles of the present application, and a schematic flow chart of the specific embodiment is shown in fig. 2, including the following steps.
SS1, the function to be cleared of data information is defined as the sensitive function.
SS2, the sensitive function applies for the special memory block through memory mapping before the I/O operation, wherein the applied special memory block comprises two pages.
SS3, prefilling all of page 2 of the special memory block with 0xff, and obtaining a random number between 0 and 255; a selected half of the contents of page 2 is filled with the random number.
SS4, the sensitive function performs service processing on page 1 of the special memory block.
SS5, after the business processing on page 1 of the special memory block is completed, the content of page 2 completely overwrites the content of page 1.
SS6, releasing the special memory block applied for by the sensitive function.
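The SS1 to SS6 flow above as a user-space C sketch for Linux; this is an added example, not code from the patent. The names sens_block, run_sensitive, sum_secret and load_secret are hypothetical, the first half of page 2 is assumed to be the "selected half", the nested call is assumed to work in the block it is handed, and the CPU-cache step is not reproduced.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/random.h>

/* Special memory block: page 1 for processing, page 2 as the overwrite source. */
typedef struct {
    unsigned char *work;   /* page 1 */
    unsigned char *cover;  /* page 2 */
    size_t page;           /* page size in bytes */
} sens_block;

typedef int (*sens_fn)(sens_block *b, const unsigned char *in, size_t n, unsigned *out);

/* SS2 + SS3: map two anonymous pages, fill page 2 with 0xff, then write one
 * random byte (0..255) over half of it. The patent does not say which half;
 * the first half is an assumption of this sketch. */
int sens_block_acquire(sens_block *b)
{
    long ps = sysconf(_SC_PAGESIZE);
    unsigned char r;
    if (ps <= 0) return -1;
    void *m = mmap(NULL, 2 * (size_t)ps, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    b->page = (size_t)ps;
    b->work = m;
    b->cover = b->work + b->page;
    memset(b->cover, 0xff, b->page);
    if (getrandom(&r, 1, 0) != 1) { munmap(m, 2 * b->page); return -1; }
    memset(b->cover, r, b->page / 2);
    return 0;
}

/* SS5: overwrite all of page 1 with page 2. Volatile stores keep the
 * compiler from discarding the copy as a dead store before the unmap. */
void sens_block_wipe(sens_block *b)
{
    volatile unsigned char *dst = b->work;
    for (size_t i = 0; i < b->page; i++) dst[i] = b->cover[i];
}

/* SS6: give the two pages back. */
void sens_block_release(sens_block *b)
{
    munmap(b->work, 2 * b->page);
    b->work = b->cover = NULL;
}

/* SS2..SS6 around one sensitive function; the wipe runs on normal and
 * abnormal return alike. */
int run_sensitive(sens_fn fn, const unsigned char *in, size_t n, unsigned *out)
{
    sens_block b;
    if (sens_block_acquire(&b) != 0) return -1;
    int rc = fn(&b, in, n, out);
    sens_block_wipe(&b);
    sens_block_release(&b);
    return rc;
}

/* Hypothetical nested sensitive function: gets the block as a parameter.
 * In real use the I/O would read straight into page 1. */
static int load_secret(sens_block *b, const unsigned char *in, size_t n)
{
    if (n == 0 || n > b->page) return -1;  /* abnormal return: caller still wipes */
    memcpy(b->work, in, n);
    return 0;
}

/* Hypothetical sensitive function (SS1, SS4): sums the secret's bytes on page 1. */
int sum_secret(sens_block *b, const unsigned char *in, size_t n, unsigned *out)
{
    if (load_secret(b, in, n) != 0) return -1;
    unsigned s = 0;
    for (size_t i = 0; i < n; i++) s += b->work[i];
    *out = s;
    return 0;
}

/* Returns 1 if the constructed secret is on page 1 before the wipe and page 1
 * is byte-identical to page 2 (secret gone) after it. */
int wipe_leaves_no_secret(void)
{
    static const unsigned char secret[] = "hunter2-constructed-sample";
    sens_block b;
    unsigned sum;
    if (sens_block_acquire(&b) != 0) return 0;
    int ok = sum_secret(&b, secret, sizeof secret - 1, &sum) == 0
          && memcmp(b.work, secret, sizeof secret - 1) == 0;
    sens_block_wipe(&b);
    ok = ok && memcmp(b.work, b.cover, b.page) == 0
            && memcmp(b.work, secret, sizeof secret - 1) != 0;
    sens_block_release(&b);
    return ok;
}
```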
Example 2
The second embodiment provides a memory remaining information clearing device, configured to implement the memory remaining information clearing method of the first embodiment.
Fig. 3 is a schematic block diagram of a memory residual information clearing device according to a second embodiment, which includes the following functional modules.
The sensitivity function definition module: the function that needs to clear the data information is defined as the sensitive function.
The sensitive function execution module: and when the sensitive function is executed, applying for a special memory block, performing service processing in the special memory block, and after the service processing is finished, performing a clearing operation on data in the special memory block.
The memory residual information clearing device of this embodiment is used to implement the foregoing memory residual information clearing method, so its specific implementation can be found in the corresponding parts of the method embodiment above and is not described again here.
According to the memory residual information clearing device provided by the second embodiment, the special memory block is applied for when the sensitive function is executed, the service processing is performed in the special memory block, and after the service processing is finished, the data in the special memory block is cleared, so that the memory residual information is cleared.
Example 3
Fig. 4 is a schematic structural diagram of a terminal device 400 according to an embodiment of the present application, including: processor 410, memory 420, and communication unit 430. The processor 410 is configured to implement the following steps when executing the memory residual information clearing program stored in the memory 420:
defining a function needing to clear data information as a sensitive function;
and when the sensitive function is executed, applying for a special memory block, performing service processing in the special memory block, and after the service processing is finished, performing a clearing operation on data in the special memory block.
The method and the device apply for the special memory block when the sensitive function is executed, perform service processing in the special memory block, and perform clearing operation on data in the special memory block after the service processing is completed, so as to realize clearing of residual information of the memory.
In some embodiments, when the processor 410 executes the memory remaining information clearing subroutine stored in the memory 420, the following may specifically be implemented: the sensitive function applies for the special memory block through memory mapping before the I/O operation.
In some embodiments, when the processor 410 executes the memory remaining information clearing subroutine stored in the memory 420, the following may specifically be implemented: after the sensitive function applies for the special memory block through memory mapping, the CPU cache of the applied special memory block is closed.
In some embodiments, when the processor 410 executes the memory remaining information clearing subroutine stored in the memory 420, the following may specifically be implemented: the special memory block applied for by the sensitive function comprises two pages, the sensitive function performs service processing on page 1, and page 2 is prefilled with a random number; after the business processing is finished, the data in the special memory block is cleared by having the content of page 2 completely overwrite the content of page 1.
In some embodiments, when the processor 410 executes the memory remaining information clearing subroutine stored in the memory 420, the following may specifically be implemented: all of page 2 is prefilled with 0xff, and a random number between 0 and 255 is obtained; a selected half of the contents of page 2 is filled with the random number.
In some embodiments, when the processor 410 executes the memory remaining information clearing subroutine stored in the memory 420, the following may specifically be implemented: after the data in the special memory block is cleared, the special memory block applied for by the sensitive function is released.
In some embodiments, when the processor 410 executes the memory remaining information clearing subroutine stored in the memory 420, the following may specifically be implemented: when the sensitive function is executed, if another sensitive function needs to be called, the special memory block of the other sensitive function is passed as an input parameter of the call.
The terminal device 400 includes a processor 410, a memory 420, and a communication unit 430. The components may communicate via one or more buses, and it will be appreciated by those skilled in the art that the configuration of the server as shown in the drawings is not limiting of the application, as it may be a bus-like structure, a star-like structure, or include more or fewer components than shown, or may be a combination of certain components or a different arrangement of components.
The memory 420 may be used to store instructions for execution by the processor 410, and the memory 420 may be implemented by any type of volatile or nonvolatile memory terminal or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. The execution of the instructions in memory 420, when executed by processor 410, enables terminal 400 to perform some or all of the steps in the method embodiments described below.
The processor 410 is a control center of the storage terminal, connects various parts of the entire electronic terminal using various interfaces and lines, and performs various functions of the electronic terminal and/or processes data by running or executing software programs and/or modules stored in the memory 420, and invoking data stored in the memory. The processor may be comprised of an integrated circuit (Integrated Circuit, simply referred to as an IC), for example, a single packaged IC, or may be comprised of a plurality of packaged ICs connected to the same function or different functions. For example, the processor 410 may include only a central processing unit (Central Processing Unit, simply CPU). In the embodiment of the application, the CPU can be a single operation core or can comprise multiple operation cores.
The communication unit 430 is used to establish a communication channel so that the storage terminal can communicate with other terminals, receiving user data sent by other terminals or sending user data to other terminals.
Example 4
The application also provides a computer storage medium, which can be a magnetic disk, an optical disk, a read-only memory (ROM) or a random access memory (random access memory, RAM) and the like.
The computer storage medium stores a memory residual information clearing program which when executed by the processor realizes the following steps:
defining a function needing to clear data information as a sensitive function;
and when the sensitive function is executed, applying for a special memory block, performing service processing in the special memory block, and after the service processing is finished, performing a clearing operation on data in the special memory block.
The method and the device apply for the special memory block when the sensitive function is executed, perform service processing in the special memory block, and perform clearing operation on data in the special memory block after the service processing is completed, so as to realize clearing of residual information of the memory.
In some embodiments, the memory remaining information clearing subroutine stored in the readable storage medium, when executed by a processor, may specifically implement the following: the sensitive function applies for the special memory block through memory mapping before the I/O operation.
In some embodiments, the memory remaining information clearing subroutine stored in the readable storage medium, when executed by a processor, may specifically implement the following: after the sensitive function applies for the special memory block through memory mapping, the CPU cache of the applied special memory block is closed.
In some embodiments, the memory remaining information clearing subroutine stored in the readable storage medium, when executed by a processor, may specifically implement the following: the special memory block applied for by the sensitive function comprises two pages, the sensitive function performs service processing on page 1, and page 2 is prefilled with a random number; after the business processing is finished, the data in the special memory block is cleared by having the content of page 2 completely overwrite the content of page 1.
In some embodiments, the memory remaining information clearing subroutine stored in the readable storage medium, when executed by a processor, may specifically implement the following: all of page 2 is prefilled with 0xff, and a random number between 0 and 255 is obtained; a selected half of the contents of page 2 is filled with the random number.
In some embodiments, the memory remaining information clearing subroutine stored in the readable storage medium, when executed by a processor, may specifically implement the following: after the data in the special memory block is cleared, the special memory block applied for by the sensitive function is released.
In some embodiments, the memory remaining information clearing subroutine stored in the readable storage medium, when executed by a processor, may specifically implement the following: when the sensitive function is executed, if another sensitive function needs to be called, the special memory block of the other sensitive function is passed as an input parameter of the call.
It will be apparent to those skilled in the art that the techniques of the embodiments of the present application may be implemented in software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution in the embodiments of the present application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code, and including several instructions for causing a computer terminal (which may be a personal computer, a server, a second terminal, a network terminal, etc.) to execute all or part of the steps of the method described in the embodiments of the present application.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing disclosure is merely illustrative of the preferred embodiments of the application and the application is not limited thereto, since modifications and variations may be made by those skilled in the art without departing from the principles of the application.
Claims (8)
1. A method for clearing residual memory information, characterized by comprising the following steps:
defining a function that needs to clear data information as a sensitive function;
requesting a dedicated memory block when the sensitive function is executed, performing business processing in the dedicated memory block, and performing a clearing operation on the data in the dedicated memory block after the business processing is completed;
releasing the dedicated memory block requested by the sensitive function, the sensitive function returning after the dedicated memory block is released;
wherein the dedicated memory block requested by the sensitive function comprises two pages, the sensitive function performs business processing on page 1, and page 2 is pre-filled with a random number;
and wherein performing the clearing operation on the data in the dedicated memory block after the business processing is completed specifically comprises:
after the business processing is completed, completely overwriting the contents of page 1 with the contents of page 2.
2. The method for clearing residual memory information according to claim 1, wherein requesting the dedicated memory block when the sensitive function is executed is specifically:
the sensitive function requests the dedicated memory block through memory mapping before the I/O operation.
3. The method for clearing residual memory information according to claim 2, further comprising, after the sensitive function requests the dedicated memory block through memory mapping, the step of:
disabling the CPU cache for the requested dedicated memory block.
4. The method for clearing residual memory information according to claim 3, wherein pre-filling page 2 with a random number comprises:
filling all of page 2 with 0xff, and obtaining a random number between 0 and 255;
filling a selected half of the contents of page 2 with the random number.
5. The method for clearing residual memory information according to any one of claims 1-4, further comprising the step of:
while the sensitive function is executing, if another sensitive function needs to be called, passing the dedicated memory block of the other sensitive function as an input parameter in the call.
6. A memory residual information clearing device, characterized by comprising:
a sensitive function definition module, which defines a function that needs to clear data information as a sensitive function;
a sensitive function execution module, which requests a dedicated memory block when the sensitive function is executed, performs business processing in the dedicated memory block, performs a clearing operation on the data in the dedicated memory block after the business processing is completed, and releases the dedicated memory block requested by the sensitive function, the sensitive function returning after the dedicated memory block is released;
wherein the dedicated memory block requested by the sensitive function comprises two pages, the sensitive function performs business processing on page 1, and page 2 is pre-filled with a random number;
and wherein performing the clearing operation on the data in the dedicated memory block after the business processing is completed specifically comprises:
after the business processing is completed, completely overwriting the contents of page 1 with the contents of page 2.
7. A terminal, comprising:
a memory, configured to store a memory residual information clearing program;
a processor, configured to implement the method for clearing residual memory information according to any one of claims 1 to 5 when executing the memory residual information clearing program.
8. A readable storage medium, wherein a memory residual information clearing program is stored on the readable storage medium, and the memory residual information clearing program, when executed by a processor, implements the steps of the method for clearing residual memory information according to any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111230607.5A CN114138455B (en) | 2021-10-22 | 2021-10-22 | Memory residual information clearing method, device, terminal and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114138455A (en) | 2022-03-04 |
CN114138455B (en) | 2023-11-14 |