Subject: Re: encrypted swap?
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 06/04/2001 18:21:26
> http://www.citi.umich.edu/u/provos/papers/swapencrypt.ps.gz

Whatever happened to plain text?  I'd happily have given up the
graphics, or had them turned into external references, for the sake of
a plain text version.  (One that's readable online, greppable, can be
cut-and-pasted from, etc.)

But yes, I've read it.  A nice piece of work.  I think the only thing
I'd add to it is that I'd like to see encryption keys be per-process,
in a sense: I'd take the mechanism as described except that the
encryption key for a page is not just the key for its block of swap,
but that combined somehow (XOR?) with a nonce key attached to the
process that owns the page.  (I'm not sure what to do with pages that
belong to multiple processes; perhaps they could travel under the key
of the process that first created them.  Perhaps I really mean "VM
object" rather than "process".)  I'd get warm fuzzies from knowing that
as soon as my process terminates, its swapped-out precious data goes
unreadable immediately.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
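The per-process (or per-VM-object) key idea in the post, as an added worked example that is not part of the original message or of the paper it discusses. It keeps the paper's per-swap-block key and XORs it with a nonce key owned by the VM object, so that forgetting the nonce when the object dies leaves the swapped pages undecryptable even though the block key still exists. Everything here is an assumption for illustration: the class and method names (`SwapCrypto`, `swap_out`, `swap_in`, `destroy_object`), the use of HMAC-SHA256 in counter mode as a stand-in for the block cipher a kernel would use, and the constructed sample page.

```python
"""Swap encryption with a per-block key XORed with a per-VM-object nonce.

Model of the proposal in the post, not kernel code: the paper's per-swap-
block key is combined with a nonce key owned by the VM object, so a page
becomes unreadable the moment its owner is destroyed.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple

PAGE_SIZE = 4096
KEY_LEN = 32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor_bytes: length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, swap_block: int, length: int) -> bytes:
    """PRF keystream bound to the swap block number.

    HMAC-SHA256 in counter mode stands in for the block cipher a real
    implementation would use (assumption: any keyed PRF is fine for the demo).
    """
    out = bytearray()
    ctr = 0
    while len(out) < length:
        msg = swap_block.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


class SwapCrypto:
    def __init__(self) -> None:
        self.block_keys: Dict[int, bytes] = {}       # swap block -> key (paper's mechanism)
        self.object_nonces: Dict[int, bytes] = {}    # VM object -> nonce key (post's addition)
        self.swap_slots: Dict[int, Tuple[int, bytes]] = {}  # swap block -> (owner, ciphertext)

    def create_object(self, obj: int) -> None:
        self.object_nonces[obj] = os.urandom(KEY_LEN)

    def destroy_object(self, obj: int) -> None:
        # Forgetting the nonce is the whole point: the swap contents and the
        # block key are untouched, yet the pages can no longer be decrypted.
        self.object_nonces.pop(obj)

    def _page_key(self, owner: int, swap_block: int) -> bytes:
        block_key = self.block_keys.setdefault(swap_block, os.urandom(KEY_LEN))
        return xor_bytes(block_key, self.object_nonces[owner])  # the post's XOR

    def swap_out(self, owner: int, swap_block: int, page: bytes) -> None:
        """Encrypt one page under (block key XOR owner nonce) and store it.

        The owner recorded here is the object that first created the page,
        which is the post's suggestion for pages shared by several processes.
        """
        if len(page) != PAGE_SIZE:
            raise ValueError("expected exactly one page")
        key = self._page_key(owner, swap_block)
        self.swap_slots[swap_block] = (owner, xor_bytes(page, keystream(key, swap_block, PAGE_SIZE)))

    def swap_in(self, swap_block: int) -> bytes:
        owner, ct = self.swap_slots[swap_block]
        if owner not in self.object_nonces:
            raise PermissionError("owning object destroyed; page is unrecoverable")
        key = self._page_key(owner, swap_block)
        return xor_bytes(ct, keystream(key, swap_block, PAGE_SIZE))

    def decrypt_with_block_key_only(self, swap_block: int) -> bytes:
        """What someone holding only the block-key table gets: garbage,
        because the block key alone is not the page key."""
        _owner, ct = self.swap_slots[swap_block]
        return xor_bytes(ct, keystream(self.block_keys[swap_block], swap_block, PAGE_SIZE))


def demo() -> dict:
    """Swap a page out, read it back, then destroy the owner and try again."""
    sc = SwapCrypto()
    sc.create_object(1)
    page = b"precious data".ljust(PAGE_SIZE, b"\0")  # constructed sample page
    sc.swap_out(1, 42, page)
    results = {
        "roundtrip": sc.swap_in(42) == page,
        "block_key_only": sc.decrypt_with_block_key_only(42) == page,
    }
    sc.destroy_object(1)
    try:
        sc.swap_in(42)
        results["after_destroy"] = "readable"
    except PermissionError:
        results["after_destroy"] = "unreadable"
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. XORing the two keys is sound only because both are full-length, uniformly random and never reused across the two roles; if the nonce were derived from anything structured, deriving the page key with a KDF over (block key, nonce) would be the safer combination. And the nonce's lifetime has to follow the VM object, not the process: a page that outlives its creating process (a shared mapping inherited across fork, for instance) must keep a live nonce or it becomes unreadable to the survivors, which is exactly the open question the post flags.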