.NET安全存储器结构 [英] .NET Secure Memory Structures
问题描述
我知道.NET库提供存储在受保护/安全的方式字符串的方式= SecureString的。
I know the .NET library offers a way of storing a string in a protected/secure manner = SecureString.
我的问题是,如果我想用来存储一个字节数组,这将是最好的,最安全的容器来保存呢?
My question is, if I would like to store a byte array, what would be the best, most secure container to hold this?
推荐答案
要了解的脆弱性是非常重要的该System.String类型。这是不可能让它完全安全,SecureString的存在的减少的暴露的风险。 System.String是有风险的,因为:
It is important to understand the vulnerability of the System.String type. It is impossible to make it completely secure, SecureString exists to minimize the risk of exposure. System.String is risky because:
- 它们的内容是可见的其他地方,而不必使用调试器。攻击者可以查看页面文件(C:\pagefile.sys),它保留了被交换到磁盘,以腾出空间为需要RAM
- 垃圾回收堆压缩堆,但不重置是freed-存储器的内容向上。它可以从你的程序保留在内存中的串数据的副本,完全是遥不可及。
你不能擦洗的字符串的内容
下面清晰的风险是,使用后的字符串,因而大大增加了攻击者可以看到它的几率字符串内容可以是可见的长。 SecureString的通过存储在非托管内存,它是不受垃圾收集而使字符串内容的流浪中的字符串复制提供了一个解决方法。
The clear risk here is that the string content can be visible long after the string was used, thus greatly increasing the odds that an attacker can see it. SecureString provides a workaround by storing the string in unmanaged memory, where it is not subject to the garbage collector leaving stray copies of the string content.
现在怎么样应该清楚你可以用相同的那种SecureString的提供担保的创建自己的安全数组的版本。你做的不的有永恒的问题,清理的阵列使用后,它是没有问题的。这本身几乎总是不够好,隐含在减少暴露的可能性是,你不保持对数组的引用很长时间无论是。这样的阵列的数据的无用单元收集后存活的非擦洗拷贝的可能性应该已经是低的。您的可以的降低风险为好,只存在于阵列少超过85000字节。无论是做SecureString的做它的方式,并使用Marshal.AllocHGlobal()。或者通过的钉扎的数组,GCHandle.Alloc()。
It should be clear now how you can create your own version of secure array with the same kind of guarantees that SecureString provides. You do not have the immutability problem, scrubbing the array after you use it is not a problem. Which in itself is almost always good enough, implicit in reducing the likelihood of exposure is that you don't keep a reference to the array for very long either. So the odds of the non-scrubbed copy of the array data surviving after a garbage collection should already be low. You can reduce that risk as well, present only for arrays less than 85,000 bytes. Either by doing it the way SecureString does it and using Marshal.AllocHGlobal(). Or much easier by pinning the array, GCHandle.Alloc().
这篇关于.NET安全存储器结构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
