by java-man 4094 days ago
I agree, there should exist explicit OS mechanisms to prevent leakage, be it via DMA, paging, or any other way.

In the absence of such mechanisms, especially when mlock() is unavailable (if running a Java app, for example), the app designer can use tricks like the one described above to increase the level of difficulty for an attacker. It is not a solution, but an additional countermeasure.

1 comments

You can disable paging if you really care about that by setting swappiness to 0.

Or use something like https://github.com/LucidWorks/mlockall-agent
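For reference, where mlock() is available, this is roughly what pinning a secret in RAM looks like in C. It is an added example, not code posted by anyone in this thread; `secret_buf`, `secret_alloc` and `secret_free` are hypothetical names, and the sample key is constructed. It records whether the lock actually succeeded, since mlock() fails when RLIMIT_MEMLOCK is too low.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct secret_buf {
    unsigned char *p;  /* page-aligned anonymous mapping, or NULL */
    size_t len;        /* mapping length, rounded up to whole pages */
    int locked;        /* 1 if mlock() succeeded, 0 if pages may still be swapped */
};

/* Map private pages for a secret and try to pin them so they are not paged out. */
static int secret_alloc(struct secret_buf *b, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    b->p = p; b->len = len;
    /* mlock() can fail (ENOMEM/EPERM); keep the result so the caller can decide. */
    b->locked = (mlock(p, len) == 0);
#ifdef MADV_DONTDUMP
    (void)madvise(p, len, MADV_DONTDUMP);  /* best effort: exclude from core dumps */
#endif
    return 0;
}

/* Wipe, unlock and unmap. The volatile pointer keeps the wipe from being elided. */
static void secret_free(struct secret_buf *b)
{
    if (!b->p) return;
    volatile unsigned char *v = b->p;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    struct secret_buf b = {0};
    if (secret_alloc(&b, 32) != 0) return 1;
    memcpy(b.p, "constructed-sample-key", 22);  /* constructed sample secret */
    secret_free(&b);
    return 0;
}
```

A caller that requires the guarantee should treat `locked == 0` as a failure rather than continuing silently.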