.NET Security
Srikanth
Security Levels
Security By CLR
Memory usage
Resource usage
System.Security.Permissions
System.Security.Policy
System.Security.Principal
System.Security.Cryptography
Assembly Attributes
Security API
Security Types
Evidence
Any object may be evidence, but there are some standard objects:
Assembly evidence objects
Host evidence objects
Assembly Evidence
Hash identifies assembly contents
Strong Name identifies assembly author and version
Publisher identifies author AND establishes trustworthiness of author
Host Evidence
Host Evidence is provided by the loader of the assembly, not the assembly itself
Zone, Url and Site establish where the assembly came from
Code from c:\Program Files may get more rights than code from www.evilhackers.com.
Policy Levels
Policy determines what code groups an assembly belongs to on the basis of its evidence.
Four policy levels: Enterprise, Machine, User, AppDomain
Each Policy Level determines a grant set; only permissions found in all four are granted
Permissions
Each code group has a permission set
Permissions are objects which represent the right to do something, e.g.:
Create user interface elements
Read environment variables
Access DNS servers
Write files
Modify the security system
Etc.
A fundamental attack pattern: trick highly trusted code into doing something on behalf of less trusted code.
Code-based security is designed to mitigate luring attacks.
The Demand
Imports System.IO
Dim FStream As New FileStream("C:\Temp.txt", FileMode.OpenOrCreate, FileAccess.Write)
When this code runs, the FileStream constructor creates a FileIOPermission object and calls Demand() on it. The security system examines the stack. Every assembly on the stack must have been granted this permission. Code which cannot access the file system may not trick highly trusted code into doing so.
Stack walk on Demand:
Alpha calls Beta; Beta calls Gamma; Gamma demands P.
The security system then checks each frame up the stack: does Beta have P? does Alpha have P?
Asserting Permission
Alpha calls Beta; Beta calls Gamma; Gamma demands P.
If Beta asserts P, the stack walk stops at Beta's frame and Alpha is not examined.
Deny and PermitOnly force stack walks to fail early
LinkDemand is a weaker, less expensive, less secure Demand
InheritanceDemand allows you to restrict subclassing
Grant sets may be manipulated with RequestMinimum, RequestRefuse, RequestOptional
AllowPartiallyTrustedCallers enables developers to prevent all potential luring attacks
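The Demand, Assert and PermitOnly behaviour described in the slides above, as an added C# example that is not part of the deck. It assumes .NET Framework (CAS stack walks are not supported on .NET Core / .NET 5+). Alpha, Beta and Gamma are the deck's call chain; the "less trusted Alpha" is simulated by narrowing Alpha's own frame with PermitOnly, and the path C:\Temp.txt is only named in the demand, never opened.

```csharp
// Added example (not from the deck): Demand, Assert and PermitOnly on the CAS stack walk.
// Assumes .NET Framework 4.x; CAS is not supported on .NET Core / .NET 5+.
using System;
using System.Security;
using System.Security.Permissions;

static class StackWalkDemo
{
    const string Target = @"C:\Temp.txt";   // constructed path, only named in the demand

    // Gamma: the protected operation. Demand() walks every frame above this one.
    static void Gamma()
    {
        new FileIOPermission(FileIOPermissionAccess.Write, Target).Demand();
    }

    // Beta with no modifier: the walk continues through Beta up to Alpha.
    static void BetaPlain() { Gamma(); }

    // Beta asserts P: the walk stops at this frame, so Alpha is never examined.
    // Assert is honoured only if Beta's assembly itself holds P plus
    // SecurityPermissionFlag.Assertion, which is why Assert belongs in trusted code only.
    static void BetaAssert()
    {
        new FileIOPermission(FileIOPermissionAccess.Write, Target).Assert();
        try { Gamma(); }
        finally { CodeAccessPermission.RevertAssert(); }
    }

    // Beta narrows itself with PermitOnly: a demand for anything outside the
    // permitted set fails at Beta's frame even when every caller is fully trusted.
    static void BetaPermitOnly()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, @"C:\ReadOnlyArea").PermitOnly();
        try { Gamma(); }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    // Alpha runs Beta. With restrictAlpha the frame is limited to reading an unrelated
    // directory, standing in for a less trusted caller that was never granted P.
    // Returns true when Gamma's Demand succeeded, false when it threw SecurityException.
    static bool Alpha(Action beta, bool restrictAlpha)
    {
        if (restrictAlpha)
            new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Unrelated").PermitOnly();
        try
        {
            beta();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
        finally
        {
            if (restrictAlpha) CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        // Every frame holds P: the walk completes.
        Console.WriteLine("trusted Alpha,   plain Beta      -> " + Alpha(BetaPlain, false));
        // The walk reaches Alpha's PermitOnly frame, which does not cover Write on Target.
        Console.WriteLine("untrusted Alpha, plain Beta      -> " + Alpha(BetaPlain, true));
        // Beta's Assert stops the walk before Alpha is reached.
        Console.WriteLine("untrusted Alpha, Beta asserts    -> " + Alpha(BetaAssert, true));
        // Beta's own PermitOnly makes the walk fail early at Beta.
        Console.WriteLine("trusted Alpha,   Beta PermitOnly -> " + Alpha(BetaPermitOnly, false));
    }
}
```

Console output is written only after each PermitOnly has been reverted, so the restricted frames contain nothing but the call chain under test; the four cases map directly onto the deck's "A has P? / B has P?" diagram and onto the Deny/PermitOnly and Assert modifiers.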
System.Security.Permissions
EnvironmentPermissionAttribute
FileDialogPermissionAttribute
FileIOPermissionAttribute
IsolatedStoragePermissionAttribute
System.Security.Policy
AllMembershipCondition
CodeGroup
Evidence
PolicyLevel
PolicyStatement
StrongName
Run with least privilege; avoid extra permissions
If omitted, all allowed permissions are granted
APIs document the permissions they require
Know the resources exposed by APIs you call
Permission Request
Can't take permissions not granted by policy
Minimum - don't run without these permissions
Optional - can use these permissions if available
Refused - never grant these permissions
May grant < ALLOWED permissions
GRANT = ((Min ∪ Opt) ∩ ALLOWED) - Refused
Imports System.Security.Permissions
' The deck shows only the action; Unrestricted:=True (refuse all file I/O) is assumed here.
<Assembly: FileIOPermissionAttribute(SecurityAction.RequestRefuse, Unrestricted:=True)>
Cryptography API
CryptoStream class
DES class (Data Encryption Standard)
DESCryptoServiceProvider
DSA class (Digital Signature Algorithm)
MD5 class
Cryptographic APIs
Hash: SHA-1, SHA-256/-384/-512, MD5
Asymmetric: RSA, DSA
Symmetric: AES, TripleDES, DES, RC2
MAC: HMAC-SHA1, MACTripleDES
Open & extensible model (new algorithms)
Authorization Strategies
COM+ Roles
URL Authorization
Custom Authorization
Windows .NET AuthZ Framework
Explicit imperative/declarative checks
Encryption
Generate a key (alg is an instance of a SymmetricAlgorithm subclass; reading Key on a freshly created instance generates a random key):
byte[] myNewKey = alg.Key;
Decryption
Imports System.Security.Cryptography
Dim rng As RandomNumberGenerator = RandomNumberGenerator.Create()  ' You choose the default implementation
Dim bytes As Byte() = New Byte(127) {}  ' 128 bytes: a VB array declaration gives the upper index
rng.GetBytes(bytes)

Dim hash As SHA256 = SHA256.Create()
Dim digest As Byte() = hash.ComputeHash(inputData)  ' inputData is the Byte() to digest
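The deck's Cryptography API list and its encryption, random-number and hashing fragments, carried through as one added C# example that is not part of the deck: AES keys from RandomNumberGenerator, encryption and decryption through CryptoStream, a SHA-256 digest, and an HMAC over the ciphertext so that tampering is detected before anything is decrypted. HMAC-SHA256 is chosen here in place of the deck's HMAC-SHA1; the message and the tampering are constructed for the demonstration.

```csharp
// Added example (not from the deck): AES-CBC through CryptoStream with encrypt-then-MAC,
// keys from RandomNumberGenerator and a SHA-256 digest. Works on .NET Framework 4.x and later.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class CryptoDemo
{
    // Encrypts plaintext with AES-CBC; output is IV || ciphertext || HMAC-SHA256(IV || ciphertext).
    static byte[] Seal(byte[] encKey, byte[] macKey, string plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey;
            aes.GenerateIV();                        // fresh random IV per message, never reused
            byte[] cipher;
            using (var ms = new MemoryStream())
            using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                byte[] data = Encoding.UTF8.GetBytes(plaintext);
                cs.Write(data, 0, data.Length);
                cs.FlushFinalBlock();                // emits the final padded block
                cipher = ms.ToArray();
            }
            byte[] body = Concat(aes.IV, cipher);
            using (var hmac = new HMACSHA256(macKey))
                return Concat(body, hmac.ComputeHash(body));
        }
    }

    // Verifies the HMAC first, then decrypts. Returns null when the tag does not match.
    static string Open(byte[] encKey, byte[] macKey, byte[] blob)
    {
        const int IvLen = 16, TagLen = 32;
        if (blob.Length < IvLen + TagLen) return null;
        int bodyLen = blob.Length - TagLen;
        byte[] body = new byte[bodyLen];
        byte[] tag = new byte[TagLen];
        Array.Copy(blob, 0, body, 0, bodyLen);
        Array.Copy(blob, bodyLen, tag, 0, TagLen);
        using (var hmac = new HMACSHA256(macKey))
            if (!FixedTimeEquals(tag, hmac.ComputeHash(body))) return null;

        byte[] iv = new byte[IvLen];
        byte[] cipher = new byte[bodyLen - IvLen];
        Array.Copy(body, 0, iv, 0, IvLen);
        Array.Copy(body, IvLen, cipher, 0, cipher.Length);
        using (Aes aes = Aes.Create())
        using (var ms = new MemoryStream(cipher))
        using (var cs = new CryptoStream(ms, aes.CreateDecryptor(encKey, iv), CryptoStreamMode.Read))
        using (var reader = new StreamReader(cs, Encoding.UTF8))
            return reader.ReadToEnd();
    }

    // Constant-time comparison: a tag mismatch leaks no timing information.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static byte[] Concat(byte[] x, byte[] y)
    {
        byte[] r = new byte[x.Length + y.Length];
        Buffer.BlockCopy(x, 0, r, 0, x.Length);
        Buffer.BlockCopy(y, 0, r, x.Length, y.Length);
        return r;
    }

    static void Main()
    {
        // Separate keys for encryption and MAC, from the deck's RandomNumberGenerator.Create().
        byte[] encKey = new byte[32], macKey = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(encKey);
            rng.GetBytes(macKey);
        }

        const string message = "constructed sample message";   // constructed input
        byte[] blob = Seal(encKey, macKey, message);
        Console.WriteLine("round trip : " + Open(encKey, macKey, blob));

        blob[blob.Length - 40] ^= 0x01;              // flip one ciphertext bit
        Console.WriteLine("tampered   : " + (Open(encKey, macKey, blob) ?? "rejected by HMAC"));

        // SHA-256 digest of the message, as in the deck's SHA256.Create() snippet.
        using (SHA256 sha = SHA256.Create())
            Console.WriteLine("sha256     : " + BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(message))));
    }
}
```

Checking the MAC before decryption is the point of the tampered case: CryptoStream would otherwise surface a padding error or silently return corrupted plaintext, and the HMAC over IV || ciphertext is what turns the deck's "MAC" list entry into integrity protection for the encryption path.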