Giter Club home page Giter Club logo

memguard's Introduction

MemGuard

Easy and secure handling of sensitive memory, in pure Go.

This is a thread-safe package, designed to allow you to easily handle sensitive values in memory. It supports all major operating systems and is written in pure Go.

Features

  • Interference from the garbage-collector is blocked by using system-calls to manually allocate memory.
  • It is very difficult for another process to find or access sensitive memory as the data is sandwiched between guard-pages. This feature also acts as an immediate access alarm in case of buffer overflows.
  • Buffer overflows are further protected against using a random canary value. If this value changes, the process will panic.
  • We try our best to prevent the system from writing anything sensitive to the disk. The data is locked to prevent swapping, system core dumps can be disabled, and the kernel is advised (where possible) to never include the secure memory in dumps.
  • True kernel-level immutability is implemented. That means that if anything attempts to modify an immutable container, the kernel will throw an access violation and the process will terminate.
  • All sensitive data is wiped before the associated memory is released back to the operating system.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
  • Accidental memory leaks are mitigated against by harnessing Go's own garbage-collector to automatically destroy containers that have run out of scope.

Some of these features were inspired by libsodium, so credits to them.

Full documentation and a complete overview of the API can be found here.

Installation

Although we do recommend using a release, the simplest way to install the library is to go get it:

$ go get github.com/awnumar/memguard

If you would prefer a signed release that you can verify and manually compile yourself, download and extract the latest release. Then go ahead and run:

$ go install -v ./

The latest release is guaranteed to be cryptographically signed with my most recent PGP key, which can be found on keybase. To import it directly into GPG, run:

$ curl https://keybase.io/awn/pgp_keys.asc | gpg --import

We strongly encourage you to vendor your dependencies for a clean and reliable build. Go's dep makes this task relatively frictionless.

memguard's People

Contributors

lukegb avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.