International Business Machines Corporation
Operating system garbage-collection with integrated clearing of sensitive data

Abstract:

A computerized operating system begins a garbage-collection operation by collecting a set of "garbage" data objects to be deleted. Certain of these objects are identified, either by an embedded identifier or by an entry in a sensitive-objects data structure, as containing sensitive data. When the garbage collector moves or deletes a sensitive object during the garbage-collection procedure, the collector zeroes out any residual data left at the object's original location in memory or secondary storage. If the collector determines that the object no longer has any connection to other software entities, the collector zeroes out the storage locations of all identified instances of the object. The collector then updates the data structure to indicate the current location of sensitive objects that have been moved or copied, and deletes entries for zeroed out instances of deleted sensitive objects.