...
- uses objects to store sensitive data whose values are not cleared or garbage collected after use
- has memory pages that can be swapped out to disk as required by the operating system (to perform memory management tasks and to support hibernation)
- uses any buffers to hold data (such as
BufferedReader). The OS cache and in the in-memory copy of the data are also retained in this case. - bases its control flow on Reflection that circumvents any countermeasures to limit the lifetime of sensitive variables
- reveals sensitive data in debugging messages, log files, environment variables or through thread dumps and core dumps
Currently, complete mitigation requires support from the underlying operating system. For instance, if swapping out of sensitive data is an issue, a secure operating system that disables swapping and hibernation is indispensable.
...