The present invention relates to computer methods, systems and computer program products that locate and optionally alter sensitive information in core dumps.
In a conventional computer system, operating system software is responsible for managing and mediating access between application programs, system hardware and operators interacting with the system. For example, the operating system may schedule tasks, allocate processor and storage resources and provide interfaces that allow operators and application programs to interact with each other, with available hardware resources and with other system processes.
During operation, an error may occur somewhere in the system, which causes instability in the operating system. Such errors may cause an outright failure of the operating system or a failure in a component of the operating system. In order to diagnose operating system failures, many operating systems support “core dumps”. A core dump typically represents a snapshot of the state of the computer system at the moment of the event that triggered the core dump. For example, an operating system may generate a core dump of the system memory upon the abnormal termination of an application program, e.g., for attempting to access a protected or restricted memory region. As another example, an error caused by a hardware device or error in the computer code of a device driver for the hardware device may cause the operating system to generate a core dump of the system memory.
A core dump may not include the history of events that led up to the root cause of the error. If a core dump includes a trace table containing a history of significant events, such as supervisor calls (SVC calls), such information may be limited, e.g., going back in time only a few seconds. Moreover, understanding the information contained within a core dump often requires a level of expertise that is not readily available to typical operators of a corresponding operating system. As such, it is not uncommon to transmit a core dump to an expert, e.g., a software support group managed by an operating system vendor, to diagnose an error or to locate a software bug.
As the core dump represents a snapshot of memory, it is possible that the core dump will contain information that an operator may not want to divulge. Thus, system operators, including banks, credit card companies and other entities entrusted with sensitive information, are typically reluctant to send core dumps to service support teams of the operating system vendor or other third party due to the risk of disclosing sensitive information that could be used to compromise the security of the enterprise or of the individuals or entities that have entrusted sensitive information to the system operator. Due to potential security exposures of sensitive information, an operator may refuse to send the core dump to the third party, or the operator may have to recreate the problem using dummy data. Either conventional option is inefficient and time-consuming.
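The following is an added illustration, not the method of the present disclosure: a minimal sketch of locating and altering one kind of sensitive data (payment card numbers) in a raw memory image before it leaves the operator's site. The digit pattern, the Luhn checksum filter, the same-length overwrite and all names are assumptions of this example, and the sample dump is constructed.

```python
import re

# Assumption: candidate card numbers are 13-19 ASCII digits, optionally
# separated by single spaces or hyphens, as they would appear in text buffers.
CANDIDATE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Return True if the ASCII digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 0x30
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def locate(dump: bytes):
    """Yield (offset, length) for every Luhn-valid candidate in the dump."""
    for m in CANDIDATE.finditer(dump):
        digits = bytes(b for b in m.group() if 0x30 <= b <= 0x39)
        if luhn_ok(digits):
            yield m.start(), len(m.group())


def scrub(dump: bytes, fill: int = ord("X")):
    """Return (scrubbed_copy, hits); digits are overwritten in place so the
    dump keeps its length and every other offset stays valid for debugging."""
    out = bytearray(dump)
    hits = list(locate(dump))
    for off, length in hits:
        for i in range(off, off + length):
            if 0x30 <= out[i] <= 0x39:
                out[i] = fill
    return bytes(out), hits


# Constructed sample: a fake memory image holding one test card number
# (4111 1111 1111 1111) and one 16-digit run that is not a card number.
SAMPLE = (b"\x7fELF\x00\x00heap:" + b"\x00" * 8 +
          b"pan=4111-1111-1111-1111\x00" +
          b"order_id=1234567890123456\x00" + b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    clean, found = scrub(SAMPLE)
    print(found)   # offsets and lengths of the masked regions
    print(clean)
```

Overwriting with same-length filler rather than deleting keeps pointers and structure offsets in the dump meaningful to the support team; the checksum filter keeps ordinary numeric identifiers intact. Binary-encoded or split values would not be found by a text pattern like this one.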