Implementing Erasure Policies Using Taint Analysis
Security or privacy-critical applications often require access to sensitive
information in order to function. But in accordance with the principle of least
privilege - or perhaps simply for legal compliance - such applications should
not retain said information once it has served its purpose. In such scenarios
timely disposal of data is known as an information erasure policy. This work
studies software-level information erasure policies for the data manipulated by
programs. The paper presents a new approach to the enforcement of such policies.
We adapt ideas from dynamic taint analysis to track how sensitive data sources
propagate through a program and erase them on demand. The method is implemented
for Python as a library, with no modifications to the runtime system. The
library is easy to use, and allows programmers to indicate information-erasure policies with only minor modifications to their code.
The library and the example (eager erasure) can be downloaded here
The library and the example (lazy erasure) can be downloaded here