[OpenAFS] Purging the client cache

Russ Allbery rra@stanford.edu
Sat, 09 Jan 2010 16:24:14 -0800


Russ Allbery <rra@stanford.edu> writes:

> It all depends on what threat model that you're trying to defend
> against.  Right now, the goal is to get unencrypted files with obvious,
> easily-accessible private information off of people's laptops.  One step
> at a time.  Scraping data out of system page files requires an attacker
> with actual tools and some understanding of how the operating system
> works; it would be nice to defend against such people as well, but
> they're considerably rarer and, in that case, you're generally looking
> at a targeted attack.

(And, yes, I realize that this same argument applies to the AFS cache, and
we are allowed to not care about the AFS cache if there's no easy
solution, but if there is one, I'd like to offer some options.  After all,
maybe some day we'll be doing something about the page file and whatnot as
well.  I don't want AFS to be the weakest link.)

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>