My application stores user interactions in an encrypted file that it gathers during what I can a Session. A session is like an offline exam so not only do we store the answers but also the mouse clicks, screen shots, etc.
A session has to remain ATOMIC so I keep saving incremental files and patch them up together at the end of the session. If the app finds traces of tampered files, it marks the session as disqualified.
What I want to achieve:
- The created incremental files only to be accessible by the application. In other words, no one with even elevated privileges should be able to modify or delete them.
- A non-Windows dependent way for the application to ensure that no one has tampered with the incremental files when a session is being packaged up.
- Memory tamper-proofing. In other words, if memory data has been modified by force, my app should get to know about it. Is this possible?
I have thought about IsolatedStorage, hashing, etc. but wanted advice from others who have done this kind of thing.
You can use SecureString to store sensitive information, but only in memory. And avoid memory dump.
You can encrypt the files to avoid sensitive information to be saw in filesystem.
You can’t avoid file deletion, you can lock the files for the lifetime of your application, but this ins’t bulletproof.