The Polar Signals Profiler is an advanced tool designed for capturing profiling data. As the security of our users' data is paramount, we have crafted this documentation to address and clarify concerns related to the external hosting of profile data with the Polar Signals Cloud service.
1. Nature of Profiling Data
Metadata About Code: The Polar Signals Profiler primarily collects metadata about your code.
It does not access or store:
- Executable code
- Source code
Explicit Opt-In Required: Access to certain features like the source code viewer or upcoming assembly viewer require explicit user consent.
Metadata to translate memory addresses is extracted from binaries, and executable sections are zero'ed.
2. Memory Content Security
- No Memory Content Leaks: Rest assured, the profiler strictly confines its operations to CPU profiling, ensuring no exposure of memory content.
3. Advanced Security in Data Handling
Comparison with Other Profilers:
Other profilers tend to transfer the entire stack into the user-space. This method can inadvertently expose sensitive information, such as private keys.
Polar Signals Profiler's Advantage: The Polar Signals Profiler takes a unique approach by performing unwinding directly in the Kernel using eBPF. This ensures that only function memory offsets are sent to the user space, without exposing actual memory content. This information is also the only interface between Kernel and user space so accidental leaking is impossible through this channel.
4. Supply chain security
Polar Signals implements modern supply chain security standards.
- Ensure binaries and build processes are designed to be byte-by-byte reproducible.
- Pin dependencies and library versions to maintain consistency across builds using
go.sumadditionally authenticating them.
- Employ automated tools RenovateBot for continual updates against security vulnerabilities.
Code Scanning and Vulnerability Management:
- Utilize automated code scanning to identify and rectify security vulnerabilities and coding errors.
- Providing signatures for release artifacts to ensure integrity and authenticity using sigstore.
To disclose any security vulnerabilities please write to firstname.lastname@example.org.
Your data's security is our utmost priority. The Polar Signals Profiler has been meticulously designed to ensure the confidentiality and safety of the data it captures. With its commitment to superior security standards, you can confidently integrate Polar Signals Profiler into your workflow.
For any further questions or clarifications, please don't hesitate to reach out to our support team.