How to create unmanaged variables?


2

When a variable is created, a value in memory is allocated to it, which can be accessed by any system on the outside from the address of that memory.

Creating a file to store the contents of a variable would also create a file location, which could also be accessed by memory.

I needed to create a variable whose content is not accessible by memory, nor by any application that tries to inject a value into it. This variable will store the result of a decryption that could not be accessed by anything and, after this content is used, all content used would be "destroyed", leaving no trace in memory.

Is it possible to create a variable that "hides its content", or that lets only whoever created the variable read it?

  • I started answering, but the whole text doesn’t make sense. The Garbage Collector does not manage variables, so the question in this form makes no sense. It manages allocated objects in the heap that it manages. The whole first paragraph doesn’t make sense to me either. In the second paragraph it seems to think that memory is an agent aware of something, when it is only a storage place. What is the reason for this?

  • I’ll edit the question @Maniero.

3 answers

3


The Garbage Collector does not manage variables, so the question in this form makes no sense. It manages allocated objects in the heap that it manages. When you create a variable in your code it exists only there; it has nothing to do with execution. Do not confuse the concepts. Variables are not managed; they do not exist during execution.

The first paragraph also has the wrong premise that it can be accessed by any system. This, in general, is not true, and even in the cases where it happens you can do nothing to prevent it; it is a compromised system.

Even after editing, the second paragraph does not say what it came for.

The third asks for something that normally happens without doing anything, or there is nothing to be done, because it is a compromised system. Any content available within the computer can be accessed if the system is compromised. Under normal conditions only the application can access it.

By compromised system, understand that any machine that has a user accessing it is at least compromised with respect to that user, i.e. the user does what he wants on his machine; if he has the knowledge, or can delegate to another person, there’s nothing that can stop him doing that.

If you don’t want to give non-crypted access, because the algorithm that does this will already be a vulnerability that will allow you to even decrypt something that’s not even on your computer. Look for a solution that doesn’t need to be decrypted, or that isn’t done in environments you don’t control 100%, which is difficult. If you can’t do that, accept the insecurity. Anyway there’s nothing you can do in programming to try this better.

Note that the whole conceptualization is wrong, so any path based on it will be wrong by definition. And even though I answered, because I think it doesn’t come out of that, the question remains confused.

1

The operating system typically handles restricting access to memory for each application. Windows, as far as I know, requires administrator permissions to access the memory of other applications, as well as to edit it.

Some processors have special features for these purposes. On the Intel side there is SGX, which allows you to run code isolated from the system, but it has already been found to be flawed, based on Spectre. In turn, AMD does not have features with the same property, to the best of my knowledge, but offers a memory encryption system, AMD SME, which serves to mitigate a Cold Boot, a side-channel attack that obtains all information from the memory given physical access to the device. However, it does not protect against memory changes and the like.

Another option, more expensive, would be to use an HSM. An HSM is a device that will perform the cryptographic operation; the cheapest is the YubiHSM, but it is not programmable and you can only use existing algorithms (e.g. RSA, Ed25519, AES...). This may also not solve the problem: if you assume that the computer is compromised, it can access the result received from the HSM. The only difference is that it won’t have access to the keys.

1

Your concern is memory dump and injection. What I can tell you: the common market platforms are all debugged.

What can you do:

  • Your application has a key pair (RSA).

  • The application encodes using the public key and stores the encrypted data in memory.

  • When you need to use the data, decode it using your private key and do all the work with the full data as quickly as possible.

  • Note that there is a time window where the full data is in memory; no matter how much you use chaos theory and so on to carry out this process, the full data will pass through memory.

  • Also note that the asymmetric encryption mechanism is based on the fact that your application is the only private key carrier; anyway, the private key will have to be stored in the application.

In practice, in security-critical applications, cryptographic hardware is used (ASIC).

Now, if you need a pointer to pass to a P/Invoke function, it’s easy:

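```csharp
using System;
using System.Runtime.InteropServices;

// This does not work: the object to be pinned cannot contain "non-primitive" types.
// object o = new object();

byte[] bytes = new byte[256];

// Pin the array so the GC neither moves nor collects it.
var handle = GCHandle.Alloc(bytes, GCHandleType.Pinned);

// Fixed address of the array's first element, to pass to the P/Invoke function.
IntPtr ptr = handle.AddrOfPinnedObject();

// Unpin once the native call has finished with ptr.
handle.Free();
```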

GCHandle.Alloc will pin the object in memory. The GC will not collect it and it will remain at a fixed address.

handle.AddrOfPinnedObject(); gets the address itself.

handle.Free(); releases the allocated memory (unpins it and releases it to the GC).
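The steps listed in this answer, combined with its pinned-buffer snippet, as an added example that is not part of the original answer: the secret stays RSA-encrypted, is decrypted into a pinned array only for the duration of one callback, and is wiped before the array is unpinned. The names `ShortLivedSecret` and `WithPlaintext`, the OAEP-SHA256 padding and the demo key generated in-process are assumptions of the example.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class ShortLivedSecret
{
    // Hypothetical helper: decrypts into a pinned buffer, hands the plaintext
    // to `use` as (pointer, length), then wipes the buffer whatever happens.
    static void WithPlaintext(RSA key, byte[] ciphertext, Action<IntPtr, int> use)
    {
        // RSA plaintext is never longer than the modulus, so this is large enough.
        byte[] plain = new byte[key.KeySize / 8];

        // Pinned, so the GC cannot relocate the array and leave an unwiped
        // copy of the plaintext behind at the old address.
        GCHandle handle = GCHandle.Alloc(plain, GCHandleType.Pinned);
        try
        {
            if (!key.TryDecrypt(ciphertext, plain, RSAEncryptionPadding.OaepSHA256,
                                out int written))
                throw new CryptographicException("Destination buffer too small.");

            use(handle.AddrOfPinnedObject(), written);
        }
        finally
        {
            // Wipe before unpinning; ZeroMemory is designed not to be optimised away.
            CryptographicOperations.ZeroMemory(plain);
            handle.Free();
        }
    }

    static void Main()
    {
        // Constructed demo key and sample secret; a real key would be loaded, not generated.
        using RSA key = RSA.Create(2048);
        byte[] ciphertext = key.Encrypt(Encoding.UTF8.GetBytes("constructed sample secret"),
                                        RSAEncryptionPadding.OaepSHA256);

        // The lambda stands in for the P/Invoke call that would receive the pointer.
        WithPlaintext(key, ciphertext, (ptr, length) =>
            Console.WriteLine($"callee got {length} bytes, first 0x{Marshal.ReadByte(ptr):X2}"));
    }
}
```

This only shortens the window in which the plaintext exists in the process, and the RSA implementation may still hold internal copies outside the caller's control. As the answers above say, it does not protect against a debugger or an administrator on the same machine.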
