Embodiments presented in this disclosure generally relate to data security, and more specifically, to protecting sensitive data during data captures associated with diagnosing and debugging operations.
Computer programs, such as operating systems, may from time to time experience hardware errors that cause the program to terminate abnormally or otherwise fail (often referred to as a program or computer “crash”). In an effort to prevent similar crashes and thereby improve a program's stability, diagnostic and/or debugging operations are typically performed that capture a snapshot of the current state of the computer at the time of the crash. The snapshot, sometimes referred to as a “core dump,” “memory dump,” or “system dump,” typically includes data from the computer's memory, as well as data from the processor that had been executing the program at the time of the crash (e.g., data stored in the processor registers or cache, information about the processor registers, flags, etc.).
Diagnostic and debugging operations are generally agnostic to the nature of the data being handled by computer programs. That is, these operations are concerned with capturing the operational state of the computer and any conditions that may have caused the crash (e.g., hardware errors), and so handle all program data in the same manner, whether sensitive or not. Thus, data captures performed by these types of operations may create data security breaches by exposing sensitive data to those not authorized to handle it, which in certain cases may give rise to criminal or civil liability.