Zeroization of sensitive data in byte stream
I am using ICE for C++, and I have a question about the following issue:
According to secure coding standards, the memory buffers where sensitive data is allocated (e.g. user passwords) has to be zeroized (cleared) as soon as the data is not needed.
Sensitive data can be received as an input parameter to an operation, or can be returned as an output parameter.
Zeroization of input parameters is easy because the server can zeroize the data after the processing. Zeroization of output parameters is a little more complex, because they are last used by the code generated by slice2cpp. What I have done is to return sensitive data wrapped in an object of a class whose destructor zeroizes the data.
However, my concern is about the stream of bytes used internally by ICE. As far as I know, the input byte stream is decoding to create the input parameters of operations. Similarly, output parameters are encoded in a byte stream before sending it to the client. Therefore, such byte stream may contain sensitive information. My question is:
How can I zeroize those byte streams?