Can I hide a .NET in-memory variable from Administrative user with physical access?

Let's say that there's a piece of sensitive information that's stored in memory and it's defined as follows:

private readonly String Key;

The Key variable is assigned a value using an argument passed to the constructor of the owning class. That value is obtained via a Console.ReadLine() call that takes place in a helper app. That console app is then closed after the value is propagated to where it's supposed to go. The value is never written to or read from a file or the registry. It's purely an in-memory kind of deal.

It's really important that this key not be made known to anyone, including the various consultants who may have Administrator access on the domain, not to mention physical access to the computer.

I've been trying to come up with some bullet-proof way to protect this Key value but I can't really come up with anything. Am I correct in assuming that anyone with Administrative access could simply launch Visual Studio, attach to the process, and then track down the value of Key?

Again, just to be clear: we can tolerate the destruction of the physical machine or the theft of any data residing on that machine. The only thing we can't tolerate is the loss or theft of the in-memory Key while the app is running.

(This app is running on .NET 4.5, Windows 2008 Server)

Any ideas?

Festus Martingale asked Nov 20 '25 05:11


1 Answer

No, you cannot prevent someone with physical access from reading memory; they'd always be able to probe the physical memory bus. And in user mode, you can't even prevent other administrative programs from reading memory; as you said they can just attach as a debugger.

There are systems designed to make it difficult to get to keys stored on physical devices (e.g. the Trusted Platform Module, smart cards, modern video game consoles, Blu-ray players, etc.) but these things make it difficult, not impossible, and aren't available to Joe .NET App.

Billy ONeal answered Nov 21 '25 19:11
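Added example (editor's code, not the asker's or the answerer's): the one thing the asker's design can still improve on is holding the key as an immutable `String`, which cannot be zeroed and stays readable on the managed heap until the GC collects it. The class below reads the key from the console into a byte array instead, keeps it encrypted in process memory with DPAPI's `ProtectedMemory` (System.Security.dll, .NET Framework 2.0 and later, so it applies to the .NET 4.5 / Windows Server 2008 setup in the question) and only decrypts a short-lived copy while it is in use. The class and method names, the 256-character limit and the HMAC usage are my assumptions. This shrinks the window in which plaintext sits in RAM; it does not change the answer above, since an administrator who attaches a debugger can call the same decryption the process does.

```csharp
using System;
using System.Security.Cryptography;   // ProtectedMemory, HMACSHA256
using System.Text;

// Holds a secret encrypted in this process's memory (DPAPI CryptProtectMemory).
// Hypothetical class, written for this page; not from the original post.
public sealed class KeyHolder : IDisposable
{
    // ProtectedMemory.Protect requires a buffer whose length is a multiple of 16.
    private readonly byte[] _protectedKey;
    private readonly int _keyLength;

    // Reads the key key-by-key into a char[] so the buffer can be wiped;
    // Console.ReadLine() would hand back an immutable String instead.
    public static KeyHolder ReadFromConsole()
    {
        char[] buf = new char[256];           // assumed maximum key length
        int n = 0;
        ConsoleKeyInfo k;
        while ((k = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter && n < buf.Length)
            buf[n++] = k.KeyChar;
        Console.WriteLine();
        byte[] raw = Encoding.UTF8.GetBytes(buf, 0, n);
        Array.Clear(buf, 0, buf.Length);      // wipe the plaintext characters
        return new KeyHolder(raw);            // constructor wipes 'raw'
    }

    public KeyHolder(byte[] rawKey)
    {
        _keyLength = rawKey.Length;
        int padded = (rawKey.Length + 15) / 16 * 16;
        _protectedKey = new byte[padded];
        Buffer.BlockCopy(rawKey, 0, _protectedKey, 0, rawKey.Length);
        Array.Clear(rawKey, 0, rawKey.Length);
        // Encrypt in place; only this process can Unprotect it.
        ProtectedMemory.Protect(_protectedKey, MemoryProtectionScope.SameProcess);
    }

    // Gives 'use' a plaintext copy for the duration of the call, then wipes it.
    // Callers must not keep a reference to the array they are handed.
    public T WithKey<T>(Func<byte[], T> use)
    {
        byte[] plain = (byte[])_protectedKey.Clone();
        ProtectedMemory.Unprotect(plain, MemoryProtectionScope.SameProcess);
        byte[] exact = new byte[_keyLength];
        Buffer.BlockCopy(plain, 0, exact, 0, _keyLength);
        Array.Clear(plain, 0, plain.Length);
        try { return use(exact); }
        finally { Array.Clear(exact, 0, exact.Length); }
    }

    public void Dispose()
    {
        // Ciphertext only, but wipe it anyway so nothing lingers after use.
        Array.Clear(_protectedKey, 0, _protectedKey.Length);
    }
}

public static class Demo
{
    public static void Main()
    {
        Console.Write("Key: ");
        using (KeyHolder holder = KeyHolder.ReadFromConsole())
        {
            // Constructed sample use: an HMAC over a message, with the key
            // never materialised as a String.
            byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");
            byte[] mac = holder.WithKey(key =>
            {
                using (var h = new HMACSHA256(key))
                    return h.ComputeHash(msg);
            });
            Console.WriteLine(BitConverter.ToString(mac));
        }
    }
}
```

Two caveats on the design: the GC may relocate the short-lived `exact` buffer while `use` runs and leave a stale copy behind until that memory is reused (pinning it with `GCHandle.Alloc(..., GCHandleType.Pinned)` avoids that), and any component you pass the bytes to, `HMACSHA256` included, keeps its own copy for its lifetime, which is why the example disposes it inside the callback.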