I have a C# ASP.NET MVC application where hundreds of users input very confidential data every day. The client browser connects to my back-end with an end-to-end TLS encrypted connection, so I'm not worried about the data not being encrypted by the HTML form.
Once the confidential data arrives at my back-end, it is used over another TLS connection and is not stored on any disk or in a database, except in string variables in memory. Now that's an issue because I need to dispose of the confidential data as soon as possible so that, in case an attacker gets access to the disk I'm using, they could not retrieve the confidential info from a memory dump. (The disk is running on an instance in the cloud, so accessing a disk in a compromised account is not as difficult as it used to be.)
I know I could use SecureString to be able to call Dispose() on the variable after I have used it, to make sure it is removed from memory, which is good. However, I am not sure how I can use this with a Model. Below is a code snippet.

    public class InputModel
    {
        // Bound from the posted form; held as an ordinary immutable string
        private string confidential;
        // Getters and Setters
    }

    public ActionResult Index(InputModel inputModel)
    {
        //Create a SecureString "secureString" and store inputModel.confidential in
        return View();
    }

Now I could dispose secureString at any time, but inputModel.confidential is going to stay in memory which makes the whole use of SecureString irrelevant.
How can I deal with this?
Points to keep in mind:
- My server is pretty secure. I am not expecting SecureString to help me encrypt the variable against a virus that might run on the server. I just want to make sure no one could retrieve the credentials from a memory dump (or at least, significantly reduce the amount of credentials that can be retrieved) if the disk is accessed.
- I am using TLS in all client-server communication. I do not need anything to be encrypted by the application.
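
The situation described in the question, as an added example that is not part of the original post: a small C# console program showing that disposing a SecureString built from a bound string leaves that string readable, while a `char[]` the code owns can be zeroed. `FromString`, `FromBuffer`, the public `Confidential` property and the sample values are constructed for illustration; the second path assumes the secret is available as a buffer your code owns, which binding to a string property does not give you.

```csharp
using System;
using System.Security;

// Stand-in for the question's InputModel (constructed for this example).
class InputModel { public string Confidential { get; set; } }

static class Program
{
    // Copies a string into a SecureString. The source string is immutable,
    // so it cannot be wiped here; it stays on the managed heap until the GC
    // reclaims the object, and reclaiming does not zero the memory.
    static SecureString FromString(string s)
    {
        var ss = new SecureString();
        foreach (char c in s) ss.AppendChar(c);
        ss.MakeReadOnly();
        return ss;
    }

    // Copies a caller-owned buffer into a SecureString and zeroes the buffer,
    // even if AppendChar throws part-way through.
    static SecureString FromBuffer(char[] buf)
    {
        var ss = new SecureString();
        try { foreach (char c in buf) ss.AppendChar(c); }
        finally { Array.Clear(buf, 0, buf.Length); }
        ss.MakeReadOnly();
        return ss;
    }

    static void Main()
    {
        // Constructed sample value, standing in for what model binding sets.
        var model = new InputModel { Confidential = "s3cret-sample" };
        using (var ss = FromString(model.Confidential)) { /* use ss here */ }
        // The SecureString is gone, but the bound string is still intact.
        Console.WriteLine("model after Dispose: " + model.Confidential);

        // Constructed sample buffer. In this demo the literal itself also
        // lives in memory; a real buffer would be filled from the input.
        char[] raw = "s3cret-sample".ToCharArray();
        using (var ss = FromBuffer(raw)) { /* use ss here */ }
        bool wiped = Array.TrueForAll(raw, c => c == '\0');
        Console.WriteLine("buffer zeroed: " + wiped);
    }
}
```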