Erase Action
Action Type: Erase
Securely deletes sensitive data before terminating the application.
Available for: All platforms (Desktop, Mobile, Server)
How It Works
The Erase action triggers custom data erasure logic before calling Environment.Exit(-1).
Behavior:
- Executes custom erasure logic
- Overwrites sensitive memory regions
- Clears encryption keys
- Deletes temporary files
- Then terminates application
Implementation Required
You must implement the data erasure logic using custom actions. Monitor does not automatically know what data to erase.
When to Use
Recommended for:
- Financial Applications - Credit card data, account credentials
- Healthcare Apps - PII/PHI, patient records
- Encryption Key Storage - AES keys, RSA private keys
- Password Managers - Master passwords, vault keys
- Cryptocurrency Wallets - Private keys, seed phrases
- High-security Environments - Classified data, trade secrets
Not recommended for:
- Applications without sensitive in-memory data
- Web applications (session data is request-scoped)
Implementation
Basic Erase Action
C#
await Payload.ConfigureAsync(config =>
{
config.RegisterCustomAction("secure-erase", async (threat) =>
{
// 1. Erase encryption keys
if (encryptionKeys != null)
{
Array.Clear(encryptionKeys, 0, encryptionKeys.Length);
}
// 2. Overwrite sensitive data
if (userCredentials != null)
{
SecureMemory.Clear(userCredentials);
}
// 3. Delete temporary files
if (Directory.Exists(tempDataPath))
{
Directory.Delete(tempDataPath, recursive: true);
}
// 4. Log incident
await SecurityLog.WriteAsync($"Erase triggered: {threat.Description}");
// 5. Terminate
Environment.Exit(-1);
});
config.AddProtection(ProtectionModuleType.DebuggerDetection, "secure-erase");
});await Payload.ConfigureAsync(config =>
{
config.RegisterCustomAction("secure-erase", async (threat) =>
{
// 1. Erase encryption keys
if (encryptionKeys != null)
{
Array.Clear(encryptionKeys, 0, encryptionKeys.Length);
}
// 2. Overwrite sensitive data
if (userCredentials != null)
{
SecureMemory.Clear(userCredentials);
}
// 3. Delete temporary files
if (Directory.Exists(tempDataPath))
{
Directory.Delete(tempDataPath, recursive: true);
}
// 4. Log incident
await SecurityLog.WriteAsync($"Erase triggered: {threat.Description}");
// 5. Terminate
Environment.Exit(-1);
});
config.AddProtection(ProtectionModuleType.DebuggerDetection, "secure-erase");
});Secure Memory Erasure
Array Clearing
C#
// Clear byte arrays (encryption keys, passwords)
private static void SecureErase(byte[] data)
{
if (data != null)
{
Array.Clear(data, 0, data.Length);
// Double-overwrite for extra security
for (int i = 0; i < data.Length; i++)
{
data[i] = 0xFF;
}
Array.Clear(data, 0, data.Length);
}
}// Clear byte arrays (encryption keys, passwords)
private static void SecureErase(byte[] data)
{
if (data != null)
{
Array.Clear(data, 0, data.Length);
// Double-overwrite for extra security
for (int i = 0; i < data.Length; i++)
{
data[i] = 0xFF;
}
Array.Clear(data, 0, data.Length);
}
}String Clearing (Unsafe)
C#
private static unsafe void SecureEraseString(string text)
{
if (text == null) return;
fixed (char* ptr = text)
{
for (int i = 0; i < text.Length; i++)
{
ptr[i] = '\0';
}
}
}private static unsafe void SecureEraseString(string text)
{
if (text == null) return;
fixed (char* ptr = text)
{
for (int i = 0; i < text.Length; i++)
{
ptr[i] = '\0';
}
}
}Using SecureString
C#
private static void ClearSecureString(SecureString secureString)
{
if (secureString != null && !secureString.IsReadOnly())
{
secureString.Clear();
secureString.Dispose();
}
}private static void ClearSecureString(SecureString secureString)
{
if (secureString != null && !secureString.IsReadOnly())
{
secureString.Clear();
secureString.Dispose();
}
}Code Examples
Financial Application
C#
config.RegisterCustomAction("financial-erase", async (threat) =>
{
try
{
// Erase credit card data
if (paymentData != null)
{
SecureErase(paymentData.CardNumber);
SecureErase(paymentData.CVV);
paymentData = null;
}
// Erase session tokens
if (authTokens != null)
{
foreach (var token in authTokens)
{
SecureEraseString(token);
}
authTokens.Clear();
}
// Erase encryption keys
SecureErase(aesKey);
SecureErase(hmacKey);
// Log incident to audit system
await AuditLog.WriteAsync(new AuditEvent
{
Type = "SecurityShutdown",
Reason = threat.Description,
Timestamp = DateTime.UtcNow
});
// Delete temporary transaction files
if (Directory.Exists("temp/transactions"))
{
Directory.Delete("temp/transactions", true);
}
}
finally
{
// Force garbage collection
GC.Collect();
GC.WaitForPendingFinalizers();
GC.Collect();
// Terminate
Environment.Exit(-1);
}
});config.RegisterCustomAction("financial-erase", async (threat) =>
{
try
{
// Erase credit card data
if (paymentData != null)
{
SecureErase(paymentData.CardNumber);
SecureErase(paymentData.CVV);
paymentData = null;
}
// Erase session tokens
if (authTokens != null)
{
foreach (var token in authTokens)
{
SecureEraseString(token);
}
authTokens.Clear();
}
// Erase encryption keys
SecureErase(aesKey);
SecureErase(hmacKey);
// Log incident to audit system
await AuditLog.WriteAsync(new AuditEvent
{
Type = "SecurityShutdown",
Reason = threat.Description,
Timestamp = DateTime.UtcNow
});
// Delete temporary transaction files
if (Directory.Exists("temp/transactions"))
{
Directory.Delete("temp/transactions", true);
}
}
finally
{
// Force garbage collection
GC.Collect();
GC.WaitForPendingFinalizers();
GC.Collect();
// Terminate
Environment.Exit(-1);
}
});Cryptocurrency Wallet
C#
config.RegisterCustomAction("wallet-erase", async (threat) =>
{
try
{
// Erase private keys
if (privateKeys != null)
{
foreach (var key in privateKeys)
{
SecureErase(key.KeyData);
}
privateKeys.Clear();
}
// Erase seed phrase
if (seedPhrase != null)
{
for (int i = 0; i < seedPhrase.Length; i++)
{
SecureEraseString(seedPhrase[i]);
seedPhrase[i] = null;
}
}
// Erase cached balances and addresses
walletCache?.Clear();
// Log to secure audit trail
await BlockchainLogger.LogSecurityEventAsync(
"WalletEmergencyShutdown",
threat.ThreatId
);
// Overwrite wallet file with zeros
if (File.Exists(walletPath))
{
var fileSize = new FileInfo(walletPath).Length;
var zeros = new byte[fileSize];
File.WriteAllBytes(walletPath, zeros);
File.Delete(walletPath);
}
}
finally
{
Environment.Exit(-1);
}
});config.RegisterCustomAction("wallet-erase", async (threat) =>
{
try
{
// Erase private keys
if (privateKeys != null)
{
foreach (var key in privateKeys)
{
SecureErase(key.KeyData);
}
privateKeys.Clear();
}
// Erase seed phrase
if (seedPhrase != null)
{
for (int i = 0; i < seedPhrase.Length; i++)
{
SecureEraseString(seedPhrase[i]);
seedPhrase[i] = null;
}
}
// Erase cached balances and addresses
walletCache?.Clear();
// Log to secure audit trail
await BlockchainLogger.LogSecurityEventAsync(
"WalletEmergencyShutdown",
threat.ThreatId
);
// Overwrite wallet file with zeros
if (File.Exists(walletPath))
{
var fileSize = new FileInfo(walletPath).Length;
var zeros = new byte[fileSize];
File.WriteAllBytes(walletPath, zeros);
File.Delete(walletPath);
}
}
finally
{
Environment.Exit(-1);
}
});Healthcare Application
C#
config.RegisterCustomAction("hipaa-erase", async (threat) =>
{
try
{
// Erase patient PII/PHI
if (patientData != null)
{
SecureEraseString(patientData.SSN);
SecureEraseString(patientData.MedicalRecordNumber);
SecureEraseString(patientData.DateOfBirth);
patientData = null;
}
// Erase cached medical records
if (medicalRecordsCache != null)
{
foreach (var record in medicalRecordsCache)
{
record.Value?.Clear();
}
medicalRecordsCache.Clear();
}
// Erase database connection strings
SecureEraseString(dbConnectionString);
// Log HIPAA security incident
await HipaaAuditLog.RecordSecurityIncidentAsync(new
{
IncidentType = "EmergencyDataErasure",
ThreatType = threat.ModuleType.ToString(),
Timestamp = DateTime.UtcNow,
UserId = CurrentUser.Id
});
// Delete temporary medical image files
if (Directory.Exists("temp/medical-images"))
{
foreach (var file in Directory.GetFiles("temp/medical-images"))
{
// Overwrite with random data before deletion
var fileSize = new FileInfo(file).Length;
var randomData = new byte[fileSize];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(randomData);
}
File.WriteAllBytes(file, randomData);
File.Delete(file);
}
Directory.Delete("temp/medical-images");
}
}
finally
{
GC.Collect();
Environment.Exit(-1);
}
});config.RegisterCustomAction("hipaa-erase", async (threat) =>
{
try
{
// Erase patient PII/PHI
if (patientData != null)
{
SecureEraseString(patientData.SSN);
SecureEraseString(patientData.MedicalRecordNumber);
SecureEraseString(patientData.DateOfBirth);
patientData = null;
}
// Erase cached medical records
if (medicalRecordsCache != null)
{
foreach (var record in medicalRecordsCache)
{
record.Value?.Clear();
}
medicalRecordsCache.Clear();
}
// Erase database connection strings
SecureEraseString(dbConnectionString);
// Log HIPAA security incident
await HipaaAuditLog.RecordSecurityIncidentAsync(new
{
IncidentType = "EmergencyDataErasure",
ThreatType = threat.ModuleType.ToString(),
Timestamp = DateTime.UtcNow,
UserId = CurrentUser.Id
});
// Delete temporary medical image files
if (Directory.Exists("temp/medical-images"))
{
foreach (var file in Directory.GetFiles("temp/medical-images"))
{
// Overwrite with random data before deletion
var fileSize = new FileInfo(file).Length;
var randomData = new byte[fileSize];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(randomData);
}
File.WriteAllBytes(file, randomData);
File.Delete(file);
}
Directory.Delete("temp/medical-images");
}
}
finally
{
GC.Collect();
Environment.Exit(-1);
}
});Best Practices
1. Multi-Pass Overwriting
C#
private static void SecureEraseMultiPass(byte[] data, int passes = 3)
{
if (data == null) return;
using (var rng = RandomNumberGenerator.Create())
{
for (int pass = 0; pass < passes; pass++)
{
// Random data
rng.GetBytes(data);
// All ones
for (int i = 0; i < data.Length; i++)
data[i] = 0xFF;
// All zeros
Array.Clear(data, 0, data.Length);
}
}
}private static void SecureEraseMultiPass(byte[] data, int passes = 3)
{
if (data == null) return;
using (var rng = RandomNumberGenerator.Create())
{
for (int pass = 0; pass < passes; pass++)
{
// Random data
rng.GetBytes(data);
// All ones
for (int i = 0; i < data.Length; i++)
data[i] = 0xFF;
// All zeros
Array.Clear(data, 0, data.Length);
}
}
}2. Force Garbage Collection
C#
// After erasing, force GC to clean up
GC.Collect();
GC.WaitForPendingFinalizers();
GC.Collect();// After erasing, force GC to clean up
GC.Collect();
GC.WaitForPendingFinalizers();
GC.Collect();3. Erase Before Exception
C#
config.RegisterCustomAction("safe-erase", async (threat) =>
{
try
{
// Erase sensitive data
EraseAllSensitiveData();
}
catch (Exception ex)
{
// Log error but still terminate
await Logger.LogErrorAsync(ex);
}
finally
{
// Always terminate even if erase fails
Environment.Exit(-1);
}
});config.RegisterCustomAction("safe-erase", async (threat) =>
{
try
{
// Erase sensitive data
EraseAllSensitiveData();
}
catch (Exception ex)
{
// Log error but still terminate
await Logger.LogErrorAsync(ex);
}
finally
{
// Always terminate even if erase fails
Environment.Exit(-1);
}
});4. Audit Logging
C#
// Always log erasure events for compliance
await AuditLog.WriteAsync(new
{
EventType = "DataErasure",
Reason = threat.Description,
ItemsErased = new[] { "EncryptionKeys", "UserCredentials", "SessionTokens" },
Timestamp = DateTime.UtcNow
});// Always log erasure events for compliance
await AuditLog.WriteAsync(new
{
EventType = "DataErasure",
Reason = threat.Description,
ItemsErased = new[] { "EncryptionKeys", "UserCredentials", "SessionTokens" },
Timestamp = DateTime.UtcNow
});Platform Compatibility
| Platform | Support | Notes |
|---|---|---|
| Windows | ✔ | Full support |
| Linux | ✔ | Full support |
| macOS | ✔ | Full support |
| Android | ✔ | Full support |
| iOS | ✔ | Full support |
| .NET 6+ | ✔ | Full support |
| .NET Framework | ✔ | Full support |
Security Considerations
Memory Residency
Even after Array.Clear(), data may remain in memory due to garbage collection delays or memory paging. For maximum security, use multi-pass overwriting and force garbage collection.
Disk Caching
If sensitive data was written to disk, use secure file deletion (multiple overwrites) before deleting files.
Related Actions
- Close - Terminate without erasure
- Custom - Implement custom erasure logic
- Log - Record without terminating
All Actions
View all action types
Custom Actions
Create erasure handlers