...
- uses objects to store sensitive data whose contents are not cleared or garbage-collected after use
- has memory pages that can be swapped out to disk as required by the operating system (to perform memory management tasks and support hibernation)
- uses a buffer to hold sensitive data (such as BufferedReader) that retains copies of the data in the OS cache or in memory
- bases its control flow on reflection that allows circumventing countermeasures to limit the lifetime of sensitive variables
- reveals sensitive data in debugging messages, log files, environment variables, or through thread and core dumps
...
Currently, complete mitigation requires support from the underlying operating system. For instance, if swapping-out of sensitive data is an issue, a secure operating system that disables swapping and hibernation is indispensable.
...
This compliant solution uses a direct-allocated NIO (new I/O) buffer to read sensitive data from the file. The data can be cleared immediately after use and is not cached or buffered at multiple locations. It exists only in system memory.
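The following is an added example, not the CERT rule's own compliant solution, showing the pattern the paragraph describes: the file is read through an unbuffered FileChannel into a direct ByteBuffer, the caller consumes the bytes in place, and every byte of the buffer is overwritten before the method returns. The class name, the SensitiveConsumer interface, and the file path in main are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public final class SensitiveFileReader {

    private SensitiveFileReader() {}

    /** Callback that works on the bytes in place (hypothetical interface for this example). */
    @FunctionalInterface
    public interface SensitiveConsumer {
        void accept(ByteBuffer data) throws IOException;
    }

    /**
     * Reads up to maxLen bytes of sensitive data from path into a direct buffer,
     * hands the buffer to consumer, then overwrites the whole buffer with zeros.
     * The consumer must not keep a reference to the buffer or copy its contents
     * into a String or any other immutable object that cannot be cleared.
     */
    public static void withSensitiveBytes(Path path, int maxLen, SensitiveConsumer consumer)
            throws IOException {
        // Direct allocation: the backing memory lives outside the Java heap, so the
        // garbage collector does not make copies of it while compacting the heap.
        ByteBuffer buf = ByteBuffer.allocateDirect(maxLen);
        try (FileChannel ch = FileChannel.open(path, StandardOpenOption.READ)) {
            // Unbuffered read: no BufferedReader or other intermediate copy is created.
            while (buf.hasRemaining() && ch.read(buf) != -1) {
                // keep reading until the buffer is full or EOF is reached
            }
            buf.flip();              // prepare for reading: position=0, limit=bytes read
            consumer.accept(buf);
        } finally {
            zero(buf);               // runs even if the consumer throws
        }
    }

    /**
     * Overwrites every byte of the buffer's capacity with zeros.
     * Note that ByteBuffer.clear() only resets position and limit; it does not
     * erase the data, so an explicit overwrite is required.
     */
    static void zero(ByteBuffer buf) {
        buf.clear();                 // position=0, limit=capacity
        while (buf.hasRemaining()) {
            buf.put((byte) 0);
        }
        buf.clear();
    }

    public static void main(String[] args) throws IOException {
        // Assumed path; replace with the real file holding the sensitive data.
        Path p = Path.of(args.length > 0 ? args[0] : "secret.txt");
        withSensitiveBytes(p, 256, data -> {
            // Work on the bytes in place; never call new String(...) on them.
            System.out.println("read " + data.remaining() + " bytes of sensitive data");
        });
    }
}
```

The overwrite in the finally block is what limits the lifetime of the data; without it the direct buffer keeps its contents until the native memory is reclaimed. As the text above notes, this does not by itself prevent the operating system from swapping the page to disk or including it in a core dump; that part of the mitigation depends on OS configuration.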
...
EX0: This rule may be violated when both of the following are true:
1. It can be proved that the code is free from other errors that can expose the sensitive data, and also
2. Attackers lack physical access to the target machine.
...
...