How to create unmanaged variables?

1

When you create a variable, a value is allocated in memory for it, which can be accessed by any system from outside the address of that memory.

Creating a file to store the contents of a variable would also create a file location, which could also be accessed by memory.

I needed to create a variable whose contents are not accessible by memory, nor by any application that tries to inject the value into it. In this variable will be stored the result after a decryption that could not be accessed by anything, and after the use of this content, would be "destroyed" all the content used, leaving no traces in the memory.

Is it possible to create a variable that "Hides your content", or does it allow only the one who created the variable to read it?

    
asked by anonymous 08.07.2018 / 21:10

2 answers

3

The garbage collector does not handle variables, so the question in this form does not make sense. It manages allotted objects in the heap managed by it. When you create a variable in your code it only exists in it, it has nothing to do with execution. Do not confuse concepts. Variables are not managed, they do not exist during execution.

The first paragraph also has the wrong premise that can be accessed by any system. This, in general, is not true, and even in the cases that happen you can not do anything to avoid it, it's a compromised system.

Even after editing, the second paragraph does not say what it came from.

The third asks for something that is either normal to happen without doing anything, or has nothing to do, because it is a compromised system. Any content available inside the computer can be accessed if the system is compromised. Under normal conditions only the application can access.

By compromised system understand that any machine that has a user accessing has at least the commitment with respect to it, ie the user does what he wants on his machine, if he has the knowledge or can delegate to another person, there is nothing that can prevent doing this.

If you do not want to give access not decrypted, even because the algorithm that does this will already be a vulnerability that will even allow you to decrypt something that is not even on your computer. Look for a solution that does not require decryption, or that is not done in environments that you do not control 100%, which is difficult. If you can not do this, accept the insecurity. Anyway, there's nothing you can do in programming to try this better.

Notice that the whole conceptualization is wrong, so any path based on it is wrong by definition. And even though I have answered, because I do not think that comes out, the question remains confused.

    
08.07.2018 / 22:21
1

The operating system typically takes care of restricting memory access for each application. Windows, as far as you know, requires administrator permissions to access other applications' memory, as well as edit them.

Some processors have special features for these purposes. On the Intel side there is SGX, which allows you to run an isolated system code, but it has already been discovered that it has failed , based on Specter . In turn, AMD does not have features with the same properties, to my knowledge, but offers a memory encryption system, AMD SME , which serves to mitigate a Cold Boot >, a side-channel attack that obtains all the information of the memory having physical access to the device. However, it does not protect against memory changes and the like.

Another more expensive option would be to use an HSM. An HSM is a device that will perform the cryptographic operation, the cheapest is the YubiHSM , but it is not programmable and you can only use the existing algorithms (eg RSA, Ed25519, AES ...). This may also not solve the problem, assuming that the computer is compromised it can access the result received by HSM .... The only difference is that you will not have access to the keys.

    
11.07.2018 / 18:31