Concretely speaking, the design of the .NET metadata mechanism not only makes powerful features such as reflection possible, but also brings considerable hidden dangers to code security and to the security of a running program. To date I have found no comparison of effective methods for controlling metadata visibility; in any case, that topic is not covered in this article. Instead, this article focuses on a more specific issue arising from .NET's memory allocation mechanism: how do we protect sensitive data stored in memory?
Security issues caused by the string interning mechanism
The string is an object type used extremely frequently in code. To improve string processing speed and conserve memory, Microsoft designed an interning mechanism for the .NET String class. The approximate logical model is that most strings are stored in something resembling a hash table, where the string content is the key and the value is the memory address of that string. Strings with the same content are therefore actually one and the same string on the managed heap. I say "most" rather than "all" because some dynamically created strings (for example, the result of a concatenation) are not entered into this virtual hash table. The String class source code is attached at the end of this article for interested readers to study.
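The following program is an added example, not code from the original article, and uses constructed sample values ("hunter2", "s3cr3t"). It shows which strings land in the pool, how String.IsInterned and String.Intern interact with it, and why every transformation of a sensitive string leaves another immutable copy on the heap that the code cannot wipe.

```csharp
using System;

// Added example (not from the original article): observing the .NET string
// pool and the copies a password leaves behind.
static class StringPoolDemo
{
    // True when both references point at the same heap object.
    public static bool SameObject(string x, string y) => object.ReferenceEquals(x, y);

    static void Main()
    {
        // Literals are interned by the runtime: two identical literals, even in
        // different methods or assemblies, resolve to one shared object.
        string literal1 = "hunter2";   // constructed sample value
        string literal2 = "hunter2";
        Console.WriteLine($"two literals share one object: {SameObject(literal1, literal2)}"); // True

        // A value built at runtime (concatenation, Console.ReadLine, network
        // input) is a fresh heap object and is NOT added to the pool by itself.
        string built = new string("hunter2".ToCharArray());
        Console.WriteLine($"runtime string is the literal's object: {SameObject(literal1, built)}"); // False

        // IsInterned does a lookup only: it returns the pooled object when one
        // with the same content exists, otherwise null.
        Console.WriteLine($"pool already holds this content: {SameObject(string.IsInterned(built), literal1)}"); // True

        // A secret that never appeared as a literal is absent from the pool...
        string secret = new string(new[] { 's', '3', 'c', 'r', '3', 't' });   // constructed sample value
        Console.WriteLine($"secret in pool before Intern: {string.IsInterned(secret) != null}"); // False

        // ...until somebody calls Intern on it. From then on the pooled copy
        // lives until the AppDomain unloads, regardless of scope or GC.
        string pooled = string.Intern(secret);
        Console.WriteLine($"secret in pool after Intern: {string.IsInterned(secret) != null}"); // True
        Console.WriteLine($"Intern returned a distinct object: {!SameObject(pooled, secret)}"); // False here: first Intern adds the same reference

        // Strings are immutable, so every transform allocates another copy.
        // Each copy is a separate heap object the code cannot overwrite, and
        // each survives until the collector decides to reclaim it.
        string upper = secret.ToUpperInvariant();
        string tail = secret.Substring(1);
        string padded = secret + " ";
        Console.WriteLine($"copies are separate objects: {!SameObject(secret, upper) && !SameObject(secret, tail) && !SameObject(secret, padded)}"); // True
    }
}
```

Run it under any .NET runtime; the last two checks are the ones that matter for the argument of this article: an interned secret is pinned for the life of the AppDomain, and every string operation on a secret (case folding, trimming, concatenation for a log line) multiplies the number of plaintext copies that may later be paged out.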
This brings up the main problem: you cannot accurately control or predict the life cycle of a particular string. Sensitive data such as a password, when held as a string, is likely to persist in memory even though you expect it to be garbage collected once it leaves the scope of a particular function. As a result, the sensitive data can be written to the local page file (pagefile.sys) when the operating system pages memory out, which happens often, or into Hiberfil.sys when the operating system hibernates. A possible sensitive data disclosure process is:
Using the SecureString class
Now that we know string is unreliable, is there an easy way to protect sensitive data in particular? Luckily, .NET, starting with version 2.0, provides a solution based on DPAPI: the SecureString class.
The SecureString class has the following attributes:
The content of a SecureString is stored encrypted, not as plain text;
It uses the encryption scheme of Windows DPAPI;
SecureString can only be used on NT-based platforms.
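The following program is an added example, not code from the original article, showing the SecureString pattern the properties above imply: collect the secret character by character so it never exists as a System.String, keep it encrypted while idle, and decrypt it into unmanaged memory only for the moment a consumer needs it, zeroing that memory afterwards. The SHA-256 consumer is a constructed stand-in for whatever the secret is actually used for.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// Added example (not from the original article): using SecureString so the
// plaintext is never interned and never left to the garbage collector.
static class SecureStringDemo
{
    // Reads the password one key at a time. Console.ReadLine would create a
    // managed string; AppendChar encrypts each character in place instead.
    public static SecureString ReadPassword()
    {
        var secure = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secure.Length > 0) secure.RemoveAt(secure.Length - 1);
            }
            else if (!char.IsControl(key.KeyChar))
            {
                secure.AppendChar(key.KeyChar);
            }
        }
        secure.MakeReadOnly();   // any later AppendChar/RemoveAt throws
        return secure;
    }

    // Decrypts into unmanaged memory, hands the caller a managed byte[] copy
    // of the UTF-16 plaintext, then zeroes and frees both copies. The
    // plaintext never becomes a System.String.
    public static T WithPlaintextBytes<T>(SecureString secure, Func<byte[], T> use)
    {
        IntPtr unmanaged = IntPtr.Zero;
        byte[] plaintext = new byte[secure.Length * 2];   // 2 bytes per UTF-16 char
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secure);
            Marshal.Copy(unmanaged, plaintext, 0, plaintext.Length);
            return use(plaintext);
        }
        finally
        {
            Array.Clear(plaintext, 0, plaintext.Length);          // wipe managed copy
            if (unmanaged != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);    // wipe, then free
        }
    }

    // Example consumer: hash the plaintext bytes. A real system would use a
    // password KDF; SHA-256 keeps the example short.
    public static byte[] HashPassword(SecureString secure)
    {
        using (var sha = SHA256.Create())
        {
            return WithPlaintextBytes(secure, bytes => sha.ComputeHash(bytes));
        }
    }

    static void Main()
    {
        Console.Write("Password: ");
        using (SecureString password = ReadPassword())   // Dispose() wipes the encrypted buffer
        {
            Console.WriteLine();
            byte[] digest = HashPassword(password);
            Console.WriteLine($"length={password.Length}, sha256={BitConverter.ToString(digest)}");
        }
    }
}
```

The same SecureString can be handed directly to APIs that accept it, such as the NetworkCredential(string, SecureString) constructor or ProcessStartInfo.Password, which avoids the decrypt-and-copy step entirely. One caveat a practitioner should know: the DPAPI encryption described in the attributes above is a Windows feature, and on .NET Core running on other platforms the SecureString contents are not encrypted in memory, so the class only limits how long and in how many copies the plaintext exists.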