Modern computers keep long memories. Traces of user activities (visited websites, voice-over-IP conversations, watched videos) remain in application and OS memory, the file system, device drivers, the memory of peripheral devices, etc. Even Web browsers that support "private" or "incognito" mode leave evidence of user behavior in system resources outside their control.
This talk will present the design and implementation of Lacuna, a system that allows users to run programs in "private sessions." After the session is over, all evidence of the program's execution is erased. The key abstraction in Lacuna is an "ephemeral channel", which allows the protected program to talk to peripheral devices while making it possible for all memories of this communication to be deleted from the host. Lacuna can run full-system applications with protected graphics, sound, USB, and network channels with only a modest CPU overhead.