Making Programs Forget: Enforcing Lifetime for Sensitive Data

This paper introduces guaranteed data lifetime, a novel system property ensuring that sensitive data cannot be retrieved from a system beyond a specified time. The trivial way to achieve this is to "Reboot"; however, this is disruptive from the user's perspective, and may not even eliminate disk copies. The authors discuss an alternate approach based on state re-incarnation where data expiry is completely transparent to the user, and can be used even if the system is not designed a priori to provide the property.