Secure garbage collection: Preventing malicious data harvesting from deallocated Java objects inside the Dalvik VM

We study the problem of data exposure in main memory caused by insecure deallocation, which is still the default in all common memory management schemes. We propose declarative approaches to handle unreasonably long data lifetime at the programming language level, and present several directions on how current platforms can be improved to minimize the lifetime of confidential data. For the particularly difficult case of Java with its automated garbage collection approach, we present a specific implementation of our approach for the Dalvik VM runtime environment. We give the application level programmer of Android more control over memory by making garbage collection predictable, and by providing the ability to explicitly override and free memory. While the performance impact arising from our approach is negligible in most scenarios, we prove its effectiveness by validating that no freed Java objects can be traced in RAM at runtime anymore.