[SG12] p1315 secure_clear

From: JF Bastien <cxx_at_[hidden]>
Date: Fri, 24 Apr 2020 15:12:38 -0700
Hello SG12/UB folks,

I'd like to start a discussion about p1315 <http://wg21.link/p1315>
secure_clear. Please see the paper's history on github
<https://github.com/cplusplus/papers/issues/67>.

Here's what I'd want SG12's help on: assume that there's a need for some
sort of "secure clearing of memory", how do we fit this into the abstract
machine? What behavior do we specify, what do we leave open, while meeting
the stated security goals?

For example:

   - If we clear "memory" then we're not clearing registers, stack copies, caches, etc. What, if anything, should we say?
   - How do we talk about calling secure_clear right before deallocation functions in such a way that memory is still cleared?
   - The current paper doesn't say what value is stored (unlike memset_s). What's the best way to do this?

How should we talk about the feature so it best fits in C++? What should we
change about the abstract machine to make it happen?

Once SG12 is satisfied with the paper, I'd like EWG and LEWG to review it.
We also need to synchronize with WG14. Should we also talk to WG23?

Thanks,

JF
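
The deallocation question above is, in practice, a dead-store-elimination question: a plain memset whose target is freed or goes out of scope on the next line is a dead store in the abstract machine, and the optimizer may drop it. The block below is an added illustration, not code from P1315 or from the paper's authors. It shows a hypothetical secure_clear built on volatile stores plus a GCC/Clang compiler barrier, next to the naive memset version, and exercises the two cases the mail raises (clear before delete[], clear of a stack copy). The function names, the choice of 0 as the default fill value, and the sample "key" bytes are all assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical secure_clear (assumption: P1315 does not fix the stored value;
// 0 is used here as the default). Bytes are written through a volatile
// pointer, so each store is observable behaviour in the abstract machine and
// may not be treated as dead even if the object is deallocated or leaves
// scope immediately afterwards.
void secure_clear(void* p, std::size_t n, unsigned char value = 0) noexcept {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) {
        vp[i] = value;
    }
#if defined(__GNUC__) || defined(__clang__)
    // Compiler-only barrier (emits no instruction): declares that memory
    // reachable through p may be read here, which keeps the stores above
    // even when the caller frees p on the very next line.
    asm volatile("" : : "r"(p) : "memory");
#endif
}

// The "before" version. Correct for a live object, but once the object is
// about to die (free, delete, return) the stores are dead and dead-store
// elimination is permitted to remove them entirely.
void naive_clear(void* p, std::size_t n) noexcept {
    std::memset(p, 0, n);
}

// Reads every byte through a volatile pointer so the check itself cannot be
// folded away; returns the number of bytes that differ from `value`.
std::size_t bytes_not_equal(const void* p, std::size_t n, unsigned char value) {
    const volatile unsigned char* vp =
        static_cast<const volatile unsigned char*>(p);
    std::size_t count = 0;
    for (std::size_t i = 0; i < n; ++i) {
        if (vp[i] != value) ++count;
    }
    return count;
}

// Heap case from the mail: clear immediately before delete[]. This is the
// exact pattern that DSE breaks for naive_clear and that secure_clear must
// survive. The "key" is constructed sample data, and the returned checksum
// exists only so the secret is genuinely used before it is discarded.
std::uint32_t derive_and_discard(std::size_t n) {
    unsigned char* key = new unsigned char[n];
    for (std::size_t i = 0; i < n; ++i) {
        key[i] = static_cast<unsigned char>(0xA5 ^ i);
    }
    std::uint32_t sum = 0;
    for (std::size_t i = 0; i < n; ++i) sum = sum * 31 + key[i];
    secure_clear(key, n);   // must not be elided even though key dies next
    delete[] key;
    return sum;
}

// Stack case: a local copy of the secret is cleared before the frame is
// released. Returns how many bytes survived, checked while `local` is live.
std::size_t clear_stack_copy() {
    unsigned char local[64];
    for (std::size_t i = 0; i < sizeof local; ++i) {
        local[i] = static_cast<unsigned char>(i + 1);
    }
    secure_clear(local, sizeof local, 0);
    return bytes_not_equal(local, sizeof local, 0);
}

// Explicit-value case (what memset_s specifies and the current paper does
// not): overwrite a buffer with a caller-chosen pattern and report mismatches.
std::size_t clear_with_pattern(unsigned char value) {
    std::vector<unsigned char> buf(256, 0x11);
    secure_clear(buf.data(), buf.size(), value);
    return bytes_not_equal(buf.data(), buf.size(), value);
}
```

This only settles the abstract-machine half of the problem: the volatile stores and the barrier guarantee that the bytes of the object are overwritten before it dies. They say nothing about register copies, spilled temporaries, or cache lines, which is precisely the part of the mail's first bullet that a wording change to the standard cannot address on its own.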

Received on 2020-04-24 17:15:48