Security Features of MS .Net Julia Vortman
Framework Overview
• The .NET Framework is a component of the Microsoft Windows operating system used to build and run Windows-based applications
• .NET Framework is a robust platform that simplifies the development of systems featuring high performance, scalability, integration, reliability, and security, with minimal deployment and management costs.
Framework Security Features
• Managing user identity (trust of user)
  • Role-Based Security
  • Web Applications Security
• Managing code on the client, server, or framework (trust of code)
  • Evidence-Based Security
  • Code Access Security
• Cryptography
Role-Based Security
Enforces security permissions based on user identity by implementing the following concepts:
• Authentication
  • Verifies the identity of a user (principal), for example through username and password checks
• Authorization
  • Enables or restricts the principal's access to specific applications/roles
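The two halves of role-based security, authentication (attaching a principal with an identity and roles to the thread) and authorization (checking a role either in code or with a declarative PrincipalPermission demand), shown as an added C# example that is not part of the slides. It targets the .NET Framework's System.Security.Principal types; the user names, passwords and role names are constructed for illustration, and a real application would verify credentials against a directory or a store of password hashes rather than string literals.

```csharp
// Added example (not from the slides): role-based security in the .NET Framework.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

class RoleBasedSecurityDemo
{
    // Authentication: verify who the caller is and, on success, attach a
    // principal (identity + roles) to the current thread.
    static bool Authenticate(string userName, string password)
    {
        // Constructed credential store for the demo; never keep plaintext passwords in real code.
        if (userName == "alice" && password == "s3cret")
        {
            GenericIdentity identity = new GenericIdentity(userName, "Custom");
            Thread.CurrentPrincipal = new GenericPrincipal(identity, new string[] { "Users", "Administrators" });
            return true;
        }
        if (userName == "bob" && password == "hunter2")
        {
            GenericIdentity identity = new GenericIdentity(userName, "Custom");
            Thread.CurrentPrincipal = new GenericPrincipal(identity, new string[] { "Users" });
            return true;
        }
        // Failed logon: an anonymous principal with no roles.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        return false;
    }

    // Authorization, imperative style: the code checks the role itself.
    static bool CanManageUsers()
    {
        return Thread.CurrentPrincipal.IsInRole("Administrators");
    }

    // Authorization, declarative style: the runtime demands the role before the
    // method body runs and throws SecurityException if the principal lacks it.
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
    static void DeleteUser(string target)
    {
        Console.WriteLine("Deleted " + target);
    }

    static void Main()
    {
        Authenticate("bob", "hunter2");
        Console.WriteLine("bob can manage users: " + CanManageUsers());
        try { DeleteUser("carol"); }
        catch (SecurityException) { Console.WriteLine("bob: access denied by PrincipalPermission"); }

        Authenticate("alice", "s3cret");
        Console.WriteLine("alice can manage users: " + CanManageUsers());
        DeleteUser("carol");
    }
}
```

The declarative form is the safer default for protected operations: the check cannot be forgotten by a caller, and it fails closed with a SecurityException before the method body executes.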
[Figure: .NET Framework layer diagram showing .NET Framework Unified Classes, ASP.NET, Common Language Runtime, and Windows Operating System Services]
Web Application Security
• Provides web application security
Web Applications Security (Cont'd)
• Additional Authentication
  • Authentication protocols: Microsoft Passport, Form-Based (cookie), etc.
• Additional Authorization
  • URL authorization allows or denies access to URLs based on user identity or roles
Evidence-Based Security
• Controls an application's access rights based on who wrote the code, what the code is trying to do, where it was installed from, and who is trying to run it
• Before the code is executed, the security policy system examines it based on the evidence
• Then access is granted (or denied), and the code's execution is limited to the allowed permissions
Evidence-Based Security Advantage
• The major advantage of evidence-based security is that code can be restricted to using only well-defined interfaces
• Code can be downloaded from unsecured sources and safely executed
• Applications composed of many components can be safely installed with multiple security levels
Code Access Security
• Security policy built on an evidence-based security policy system
• Specifies the level of access the code has to resources and operations
• Enforces security with different levels of trust
• Caspol.exe is a code access security policy tool that allows a developer to examine and modify machine, user, and enterprise-level code access security policies
Code Access Security Policy
• Increases the reliability and security of applications
• Governed by a configurable set of rules
• Determines which resources code is allowed to access and which code is allowed to run
Security Policy Levels
There are four levels in the security policy system:
• Enterprise Policy
• Machine Policy
• User Policy
• Application Domain Policy
Enterprise Policy
• Defined by enterprise administrators who set policy for enterprise domains
• Affects every computer and user on the network
• Evaluated at run time
Machine Policy
• Defined by machine administrators who set policy for one computer
• Can set policy that excludes modification from the user level but not from the enterprise level
User Policy
• Lowest administrable policy level
• Defined by users who set policy for a single logon account
• This level is configurable by the currently logged-on user
Application Domain Policy
• Defined by the runtime host for setting load-time policy
• Cannot be administered
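How evidence and the policy levels fit together can be seen from code: the runtime collects evidence for an assembly, each policy level maps that evidence to a permission set, and the grant is the intersection across levels. The following is an added C# example, not code from the slides, using the CAS policy API of the .NET Framework (System.Security.Policy and SecurityManager). It assumes .NET Framework 1.x to 3.5, where CAS policy is active; in .NET Framework 4 CAS policy is disabled by default and these members are marked obsolete, so the resolved set there does not reflect the enterprise/machine/user levels.

```csharp
// Added example (not from the slides): inspect an assembly's evidence and
// ask the policy hierarchy which permissions it would grant to that evidence.
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Policy;

class EvidenceAndPolicyDemo
{
    // Evidence: the facts the loader knows about the code (Zone, Url, Hash, StrongName, ...).
    static string[] EvidenceTypes(Assembly asm)
    {
        ArrayList names = new ArrayList();
        foreach (object item in asm.Evidence)
        {
            names.Add(item.GetType().Name);
        }
        return (string[])names.ToArray(typeof(string));
    }

    // The administrable policy levels (Enterprise, Machine, User) plus the
    // application-domain level if the host supplied one.
    static string[] PolicyLevelLabels()
    {
        ArrayList labels = new ArrayList();
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            labels.Add(((PolicyLevel)levels.Current).Label);
        }
        return (string[])labels.ToArray(typeof(string));
    }

    // Policy resolution: the permission set that results from evaluating the
    // evidence at every level and intersecting the results.
    static PermissionSet ResolveGrant(Assembly asm)
    {
        return SecurityManager.ResolvePolicy(asm.Evidence);
    }

    static void Main()
    {
        Assembly asm = Assembly.GetExecutingAssembly();

        Console.WriteLine("Evidence for " + asm.GetName().Name + ":");
        foreach (string name in EvidenceTypes(asm))
        {
            Console.WriteLine("  " + name);
        }

        Console.WriteLine("Policy levels:");
        foreach (string label in PolicyLevelLabels())
        {
            Console.WriteLine("  " + label);
        }

        PermissionSet granted = ResolveGrant(asm);
        Console.WriteLine("Granted set: " + (granted.IsUnrestricted() ? "FullTrust" : granted.ToString()));
    }
}
```

Running this from a local directory typically shows Zone (MyComputer), Url and Hash evidence and a FullTrust grant; the same binary loaded from a network share or URL carries different Zone/Url evidence and, under default policy, receives a smaller set. That is the mechanism the slides describe: the policy decision is made from evidence before the code runs.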
Code Access Security (Cont'd)
• Prevents illegal attempts to execute a protected operation based on access permissions
• The code has to pass a verification process
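The "protected operation" check is a permission demand: the runtime walks the call stack and throws SecurityException unless every caller holds the demanded permission. The added C# example below (not from the slides) demands FileIOPermission before reading a file, then runs the same read under a PermitOnly modifier that limits the grant to Execution so the demand fails before any I/O happens. It assumes the .NET Framework's System.Security.Permissions types and writes a constructed sample file to the temp directory.

```csharp
// Added example (not from the slides): a permission demand and a PermitOnly restriction.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Threading;

class PermissionDemandDemo
{
    // Protected operation: every caller on the stack must hold read permission
    // for 'path', otherwise the Demand throws SecurityException.
    static string ReadConfig(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
        using (StreamReader reader = new StreamReader(path))
        {
            return reader.ReadToEnd();
        }
    }

    // Run 'work' with only the permissions in 'allowed'. PermitOnly is a
    // stack-walk modifier: demands made by callees see this frame as granting
    // no more than 'allowed', even though the assembly itself may be fully trusted.
    static void RunRestricted(PermissionSet allowed, ThreadStart work)
    {
        allowed.PermitOnly();
        try
        {
            work();
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    static void Main()
    {
        // Constructed sample input.
        string path = Path.Combine(Path.GetTempPath(), "cas-demo-config.txt");
        File.WriteAllText(path, "setting=1");

        // Full trust: the demand succeeds and the file is read.
        Console.WriteLine("Full trust: " + ReadConfig(path));

        // Execution only: FileIOPermission is not permitted, so the demand fails.
        PermissionSet executeOnly = new PermissionSet(PermissionState.None);
        executeOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        try
        {
            RunRestricted(executeOnly, delegate { Console.WriteLine(ReadConfig(path)); });
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Restricted: denied (" + ex.GetType().Name + ")");
        }
    }
}
```

PermitOnly is useful for limiting what a trusted component exposes to the code it calls, but it is not a sandbox: code that is not trusted at all belongs in an application domain created with a restricted grant set, which is the Application Domain policy level from the previous slide.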
Verification
• Verification ensures that the code uses only well-defined interfaces in interacting with other objects
• For instance, PEVerify.exe performs MSIL type safety verification checks and metadata validation checks on a specified assembly
Cryptography
• Provides functions for:
  • Encryption
  • Digital signatures
  • Hashing
  • Random number generation
• The implementation uses a stream-based model
• A file stream is routed into an encryption object and the resulting stream is sent to the network
Cryptography (Cont'd)
• Encryption is a set of algorithms to secure data
  • Asymmetric encryption such as RSA and DSA
  • Symmetric encryption such as DES, TripleDES, and RC2
• Hashes: MD5, SHA1
• Digital Signatures
  • Signcode.exe signs a portable executable (PE) file with an Authenticode digital signature
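The stream-based model from the previous slide and the algorithm families from this one, as an added C# example that is not part of the slides. Plaintext is written into a CryptoStream that wraps a TripleDES encryptor, the hash of a message is computed with SHA1, and the hash is signed and verified with an RSA key pair, all with System.Security.Cryptography types that exist in the .NET Framework. The message bytes are constructed for the example.

```csharp
// Added example (not from the slides): CryptoStream encryption, hashing and RSA signatures.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

class CryptoStreamDemo
{
    // Stream model: bytes written to the CryptoStream pass through the
    // algorithm's transform and the result lands in the underlying stream.
    static byte[] Transform(ICryptoTransform transform, byte[] input)
    {
        using (MemoryStream output = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(output, transform, CryptoStreamMode.Write))
            {
                cs.Write(input, 0, input.Length);
                cs.FlushFinalBlock();   // emit the final padded block
            }
            return output.ToArray();
        }
    }

    static byte[] Encrypt(SymmetricAlgorithm alg, byte[] plaintext)
    {
        return Transform(alg.CreateEncryptor(), plaintext);
    }

    static byte[] Decrypt(SymmetricAlgorithm alg, byte[] ciphertext)
    {
        return Transform(alg.CreateDecryptor(), ciphertext);
    }

    static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        // Symmetric encryption: TripleDES, one of the algorithms listed on the slides.
        // Key and IV come from the framework's cryptographic RNG on first use.
        TripleDES tdes = TripleDES.Create();
        byte[] ciphertext = Encrypt(tdes, message);
        byte[] roundTrip = Decrypt(tdes, ciphertext);
        Console.WriteLine("Round trip ok: " + (Encoding.UTF8.GetString(roundTrip) == "constructed sample message"));

        // Hashing: SHA1, as listed on the slides.
        byte[] digest = SHA1.Create().ComputeHash(message);
        Console.WriteLine("SHA-1: " + BitConverter.ToString(digest));

        // Digital signature: the private RSA key signs the digest, the public half verifies it.
        string sha1Oid = CryptoConfig.MapNameToOID("SHA1");
        RSACryptoServiceProvider signer = new RSACryptoServiceProvider(2048);
        byte[] signature = signer.SignHash(digest, sha1Oid);

        RSACryptoServiceProvider verifier = new RSACryptoServiceProvider();
        verifier.ImportParameters(signer.ExportParameters(false));   // public parameters only
        Console.WriteLine("Signature valid: " + verifier.VerifyHash(digest, sha1Oid, signature));

        signature[0] ^= 0x01;   // flip one bit: verification must now fail
        Console.WriteLine("Tampered signature valid: " + verifier.VerifyHash(digest, sha1Oid, signature));

        // Random number generation: cryptographically strong bytes for keys, IVs and nonces.
        byte[] nonce = new byte[16];
        RandomNumberGenerator.Create().GetBytes(nonce);
        Console.WriteLine("Nonce: " + BitConverter.ToString(nonce));
    }
}
```

The CryptoStream is the same object whether the underlying stream is a MemoryStream, a FileStream or a NetworkStream, which is the point of the stream model. The algorithm names on these 2005-era slides should be read historically: DES, RC2, MD5 and SHA-1 are now considered weak, and current .NET guidance is AES with SHA-256 or stronger for new work.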
Cryptography (Cont'd)
• Tracking XML digital signatures
• Easy way for application programmers to sign XML documents and fragments
• Signed XML is a means to securely send asynchronous messages over the web
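Signing an XML document and detecting tampering with the framework's SignedXml class, as an added C# example that is not from the slides. It uses System.Security.Cryptography.Xml (the System.Security assembly in the .NET Framework) to append an enveloped XML-DSIG signature over the whole document and then verify it against a known public key; the order document is constructed for the example.

```csharp
// Added example (not from the slides): enveloped XML signature with SignedXml.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class SignedXmlDemo
{
    // Append an enveloped XML-DSIG signature covering the whole document.
    static void Sign(XmlDocument doc, RSA signingKey)
    {
        SignedXml signedXml = new SignedXml(doc);
        signedXml.SigningKey = signingKey;

        Reference reference = new Reference();
        reference.Uri = "";   // empty URI: the reference covers the entire document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());   // exclude the Signature element itself
        signedXml.AddReference(reference);

        signedXml.ComputeSignature();
        XmlElement signatureElement = signedXml.GetXml();
        doc.DocumentElement.AppendChild(doc.ImportNode(signatureElement, true));
    }

    // Verify with a key the verifier already trusts, not one carried inside the document.
    static bool Verify(XmlDocument doc, RSA publicKey)
    {
        XmlNodeList signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1)
        {
            return false;   // none, or more than one: reject rather than guess
        }
        SignedXml signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)signatures[0]);
        return signedXml.CheckSignature(publicKey);
    }

    static void Main()
    {
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.LoadXml("<order><item>widget</item><qty>2</qty></order>");   // constructed sample document

        RSACryptoServiceProvider signer = new RSACryptoServiceProvider(2048);
        Sign(doc, signer);
        Console.WriteLine(doc.OuterXml);

        RSACryptoServiceProvider verifier = new RSACryptoServiceProvider();
        verifier.ImportParameters(signer.ExportParameters(false));   // public half only
        Console.WriteLine("Valid: " + Verify(doc, verifier));

        // A modified quantity changes the digest of the referenced content.
        doc.SelectSingleNode("/order/qty").InnerText = "200";
        Console.WriteLine("Valid after tampering: " + Verify(doc, verifier));
    }
}
```

Passing the public key to CheckSignature explicitly matters: the parameterless overload will accept a key embedded in the document's own KeyInfo element, which proves only that the document is self-consistent, not that a trusted party signed it.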
Instructor's Editorial Comments
• One of the weaknesses of PC security is that it is more of an add-on than part of the original design of the operating system. The first personal computers from Radio Shack and Apple came with 16 kilobytes of memory, and the original IBM PC with 64 KB. Since that had to include both operating system and application programs, operating system security was minimal. Windows is a direct descendant of an O/S called CP/M, an acronym for Control Program for Microcomputers.
Comments continued
• Mainframes had much more elaborate security measures built into the operating system and the hardware because they had the resources to do that. Mainframes sold for millions of dollars, while personal computers originally cost a few hundred.
• One difference is that mainframes tend to separate programs from data. There is a legacy of that in our security discussions when we talk about data protection measures.
Comments continued
• The idea of securing data separately in an operating system is similar to putting a safe in a convenience store. Because money is more attractive to thieves than food, it is kept in a safe while the food is kept on an open shelf.
• Object Oriented Systems challenge the whole paradigm of separation of program behavior from data, because both are encapsulated in each object. This creates additional problems for security system designers.
Comments continued
• Microsoft referred to the limited resource problem in announcing a 64-bit version of Windows.
• "We've done a lot of work with Intel and AMD who have changed how software is processed at the chip level, to enable new levels of security in 64-bit computing."
• "We've done work at the core of the system, such that if a virus attacks your machine it will prevent it from taking over your PC."
Comments continued
• "So there are things that we've done at the core that will enable higher levels of security than we see today."
• (from an interview with Microsoft's Brad Goldberg, reported on BBC News, "64-bit launch showcases Longhorn", http://news.bbc.co.uk/, Friday, 6 May, 2005.)
Glossary
• Principal: the user on whose behalf code is executed. May have multiple roles.
• Evidence: facts known about the code, e.g. digital signatures, the URL or site the code comes from, etc.
• Permission: the right to access a protected resource.
References
• The Microsoft .NET Framework 1.1 Evaluation Guide, http://msdn.microsoft.com/netframework/technologyinfo/evalguide/default.aspx
• About .Net Security, http://www.gotdotnet.com/team/clr/about_security.aspx
• Technology Overview, http://msdn.microsoft.com/netframework/technologyinfo/overview/default.aspx
• MS .NET Framework, http://msdn.microsoft.com/net
References (Cont'd)
• Security policy best practices, http://www.gotdotnet.com/team/clr/SecurityPolicyBestPractices.htm
• .Net Framework Cryptography, http://www.gotdotnet.com/team/clr/cryptofaq.htm