Data in use
Data in use is an information technology term referring to active data held in a non-persistent digital state, typically in computer random-access memory (RAM), CPU caches, or CPU registers.
Three States of Data
Data in use complements the terms data in motion and data at rest; together the three define the three states of digital data.
Alternative definitions of Data in Use
While data in use most commonly refers to data in computer memory, some Cloud Software-as-a-Service (SaaS) providers refer to data in use as any data currently being processed by applications.[1]
Concerns about Data in Use
Because of its nature, data in use is of increasing concern to businesses, government agencies and other institutions. Data in use, that is, the contents of memory, can include sensitive material such as digital certificates, encryption keys, intellectual property (software algorithms, design data) and personally identifiable information. Compromising data in use also exposes encrypted data at rest and data in motion: someone who can read random access memory can parse it to locate the key protecting data at rest, and once they hold that key they can decrypt the data it protects. Threats to data in use include cold boot attacks, malicious hardware devices, rootkits and bootkits.
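The following is an added example, not code from the original article, showing how the attack described above works in practice: an AES-128 key is recovered from a memory image by locating its expanded key schedule, the technique used by Halderman et al.'s cold boot tooling (aeskeyfind). AES implementations keep the 176-byte expanded schedule in RAM next to the key, so a 16-byte candidate is confirmed when the 160 bytes that follow are exactly its expansion. The memory image is constructed inline from seeded filler and is not a real dump; the key is the FIPS-197 Appendix A test key, and the offsets are arbitrary.

```python
"""Locate an AES-128 key in a memory image by finding its expanded key schedule.

Added illustration of recovering a data-at-rest key from RAM (not part of the
original article). The image below is constructed with a fixed seed; it is not
a real memory dump. Requires Python 3.
"""
import random


def _build_sbox():
    """Compute the AES S-box from GF(2^8) inverses plus the affine map (FIPS-197)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        # p <- p * 3 and q <- q / 3 in GF(2^8); the invariant p * q == 1 holds
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        q ^= (q << 1) & 0xFF
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # affine transformation: q ^ rotl(q,1) ^ rotl(q,2) ^ rotl(q,3) ^ rotl(q,4) ^ 0x63
        x = q
        for shift in range(1, 5):
            x ^= ((q << shift) | (q >> (8 - shift))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no multiplicative inverse
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key_128(key):
    """Return the 176-byte AES-128 key schedule (11 round keys) for a 16-byte key."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    words = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                 # RotWord
            t = [SBOX[b] for b in t]          # SubWord
            t[0] ^= RCON[i // 4 - 1]          # Rcon
        words.append([a ^ b for a, b in zip(words[i - 4], t)])
    return bytes(b for w in words for b in w)


def find_aes128_keys(image):
    """Return (offset, key) for every position whose 176 bytes form a valid schedule."""
    hits = []
    for off in range(0, len(image) - 176 + 1):
        cand = image[off:off + 16]
        # cheap filter: the first expanded word must match before doing a full expansion
        t = [SBOX[b] for b in cand[13:16] + cand[12:13]]
        t[0] ^= RCON[0]
        if bytes(a ^ b for a, b in zip(cand[0:4], t)) != image[off + 16:off + 20]:
            continue
        if expand_key_128(cand) == image[off:off + 176]:
            hits.append((off, bytes(cand)))
    return hits


SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A key
SCHEDULE_OFFSET = 0x1A40  # arbitrary offset at which the constructed image holds the schedule


def build_sample_image(size=16384):
    """Constructed 16 KiB 'RAM' image: seeded filler with one key schedule embedded."""
    rng = random.Random(20130715)  # fixed seed so the image is reproducible
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[SCHEDULE_OFFSET:SCHEDULE_OFFSET + 176] = expand_key_128(SAMPLE_KEY)
    # A bare copy of the key with no schedule after it is NOT reported: the scanner
    # keys on the schedule structure, not on the 16 key bytes themselves.
    buf[0x0400:0x0410] = SAMPLE_KEY
    return bytes(buf)


if __name__ == "__main__":
    for off, key in find_aes128_keys(build_sample_image()):
        print("AES-128 key schedule at offset 0x%x: key %s" % (off, key.hex()))
```

On a real dump the same scan is run over the captured physical memory; the only defence that helps once the image exists is not having the schedule in RAM at all, which is what the register-based and enclave approaches described further down aim for.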
Protecting Data in Use - Full Memory Encryption
Encryption, which keeps data unreadable if it is accessed or stolen without authorization, is commonly used to protect data in motion and data at rest, and is increasingly recognized as a practical method for protecting data in use as well.
There have been multiple projects to encrypt memory. Microsoft's Xbox consoles are designed to provide memory encryption, and the company PrivateCore presently offers a commercial software product, vCage, that provides full memory encryption for x86 servers.
Protecting Data in Use - CPU-based Key Storage
Operating system kernel patches such as TRESOR and Loop-Amnesia modify the kernel so that encryption keys are held in CPU registers (TRESOR uses the x86 debug registers) instead of RAM. This approach is not general purpose and does not protect all data in use, but it does defend against cold boot attacks: because the data-at-rest encryption key never leaves the CPU, an attacker who captures the contents of RAM does not obtain it.
Protecting Data in Use - Enclaves
An enclave is a region of memory whose contents are encrypted while they sit in RAM and appear as clear text only inside the CPU and its caches. Intel Corporation introduced the concept of enclaves as part of its Software Guard Extensions (SGX), an architecture combining software and CPU hardware that it described in technical papers published in 2013.[2]
Protecting Data in Use - Cryptographic Protocols
Several cryptographic tools, including secure multi-party computation and homomorphic encryption, allow private computation on untrusted systems: data in use can be operated upon while still encrypted, so it is never exposed in plaintext to the system doing the processing.
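The following is an added example, not code from the original article, of the approach just described using Paillier encryption, which is additively homomorphic: data owners encrypt their values, an untrusted server adds (and scales) the ciphertexts without ever seeing a plaintext, and only the key holder decrypts the result. The primes `TOY_P` and `TOY_Q` are small fixed toy parameters chosen so the example runs instantly; they are not secure, and the payroll figures are constructed sample data. It requires Python 3.8 or later for `pow(x, -1, n)`.

```python
"""Computing on encrypted data with Paillier (additively homomorphic) encryption.

Added illustration (not part of the original article). Toy parameters only:
real deployments use random primes giving a 2048-bit or larger modulus.
"""
import math
import secrets

TOY_P, TOY_Q = 1000003, 1000033  # toy primes, far too small for real use


def _L(u, n):
    """Paillier's L function: (u - 1) / n for u == 1 mod n."""
    return (u - 1) // n


def paillier_keygen(p, q):
    """Return (public, private) keys with the standard choice g = n + 1."""
    n = p * q
    n2 = n * n
    g = n + 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(_L(pow(g, lam, n2), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with fresh random r, so repeated encryptions differ."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, pub, c):
    """m = L(c^lambda mod n^2) * mu mod n; only the private key holder can do this."""
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub, c1, c2):
    """E(a) * E(b) mod n^2 == E(a + b mod n): addition without decryption."""
    n = pub[0]
    return (c1 * c2) % (n * n)


def mul_by_plain(pub, c, k):
    """E(a)^k mod n^2 == E(k * a mod n): scaling by a public constant."""
    n = pub[0]
    return pow(c, k, n * n)


def untrusted_server_total(pub, ciphertexts, weights=None):
    """Server-side (weighted) sum computed purely on ciphertexts with the public key.

    The accumulator starts at 1, which is E(0) with r = 1; every multiplication by a
    real ciphertext re-randomizes it. The server never holds a plaintext or the
    private key, so the values being processed are never exposed on this machine.
    """
    acc = 1
    for i, c in enumerate(ciphertexts):
        term = c if weights is None else mul_by_plain(pub, c, weights[i])
        acc = add_encrypted(pub, acc, term)
    return acc


def demo_payroll():
    """Key holder encrypts salaries, server totals them blind, key holder decrypts."""
    pub, priv = paillier_keygen(TOY_P, TOY_Q)
    salaries = [52000, 61500, 48250, 70000]          # constructed sample data
    ciphertexts = [encrypt(pub, s) for s in salaries]
    total_ct = untrusted_server_total(pub, ciphertexts)  # runs on the untrusted host
    return decrypt(priv, pub, total_ct), sum(salaries)


if __name__ == "__main__":
    got, expected = demo_payroll()
    print("decrypted total = %d, plaintext total = %d" % (got, expected))
```

Results wrap modulo n, so the key holder must size n above any sum the server will compute; and Paillier supports only addition and scaling by public constants, which is why fully homomorphic schemes and multi-party computation exist for richer computations.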
References
- ^ "CipherCloud encrypts data across multiple cloud apps". Searchstorage.techtarget.com. 2012-09-06. Retrieved 2013-11-08.
- ^ "Intel Software Guard Extensions (SGX) Is Mighty Interesting". Securosis. 2013-07-15. Retrieved 2013-11-08.