
Security in .NET

Learn about security in .NET, including permissions, cryptography, and administration. Explore core concepts, permission management, and security mechanisms to secure distributed applications effectively.

jacksongary


Presentation Transcript


  1. Security in .NET

  2. Objectives
  • Security in .NET
  • Basic concepts: permissions
  • Using and managing permissions
  • Cryptography in .NET
  • Administering .NET security

  3. Contents
  • Section 1: Overview
  • Section 2: Core Concepts
  • Section 3: Permissions
  • Section 4: Security Administration
  • Section 5: Cryptography Support
  • Summary

  4. Section 1: Overview
  • Looking back ...
  • .NET security core concepts

  5. Object based security models
  • Security in distributed applications
    • User identification and authentication
    • Data integrity and privacy
    • User authorization
  • Security must be administrable
  • User wants to access securable objects
    • Access token and security descriptors

  6. Looking back ...
  • Security mechanisms
  • Different solutions for different issues
  • Samples:
    • Identification and authentication: operating system account
    • Authorization: Active Directory (a security database)
    • Encryption: HTTPS (HTTP over SSL)
    • DCOM, CORBA, and TPMs
  (Diagram: three-tier architecture. Client/user with a client process, a middle tier with the service/component, and a server process.)

  7. What's wrong with that?
  • Trust all or nothing at all
  • TPMs are difficult to administer
  • "Luring attacks"

  8. Section 2: Core Concepts
  • Kinds of Security
  • Permissions, Policies, and Roles
  • Common Language Runtime
  • Code Groups
  • Stack Walking

  9. Kinds of Security
  • Code access security
    • Protection against malicious mobile code
  • Role-based security
    • Principals
    • User authorization
  • Security model is based on permissions
  • Heavily based on the Common Language Runtime

  10. Common Language Runtime
  (Diagram: the .NET Framework stack. ASP.NET, Windows Forms and the services framework sit on the Common Language Runtime, which contains the class loader, the JIT compiler and further components, on top of the system services.)

  11. Application Domain Host
  • Host sets up the application domain and loads the assembly
  • Trusted host and evidence
  • Different hosts
    • Shell
    • Browser
    • Server
    • Custom-designed

  12. Evidence
  • Information about the code
    • Who published the code?
    • Where did the code come from?
  • Samples of types of evidence
    • Signature
    • Publisher of the code
    • Strong name
    • URL and site of origin

  13. Permissions, Policies, and Roles
  • Permissions
    • Access of code to restricted areas
    • Objects to control restrictions on managed code
  • Security policy
    • Rules that the runtime must follow to check permissions
  • Roles and the principal
    • Named set of users
    • Principals

  14. Code Group Hierarchy
  (Diagram: code group tree; every code group carries its own permission set, PS)
  1  All Code (PS)
    1.1  Publisher: Microsoft (PS)
      1.1.1  Site: LocalWeb (PS)
      1.1.2  Name: MS Money (PS)
    1.2  Zone: Internet (PS)
    1.3  Zone: Local Intranet (PS)
      1.3.1  Publisher: newtelligence (PS)
      1.3.2  Site: LocalWeb (PS)
    1.4  Site: newtelligence.com (PS)

  15. Code Inspection and Stack Walking
  (Diagram: call chain Assembly A1 (grant set G1) -> Assembly A2 (G2) -> Assembly A3 (G3) -> Assembly A4 (G4); the demanded permission P is checked against each frame in the chain.)
  • Security check
  • Varying levels of trust

  16. Security Namespace
  • System.Security.Policy
    • Classes to deal with permissions
  • System.Security.Permissions
    • Classes to control access to operations and resources
  • System.Security.Principal
    • Object acts on behalf of the caller
  • System.Security.Cryptography
    • Cryptographic services

  17. Declarative Security
  • ... with attributes
  • Specifying security at assembly, class or member level
  • Security at lower level overrides higher level
  • Syntax
    • SecurityAttribute class
    • SecurityAction enumeration
  • C# sample: security demands

      using System.Security.Permissions;

      // Demand read access to one file (placeholder path) before the method
      // body runs; with no Read/Write/... property set, the attribute would
      // demand an empty permission and check nothing.
      [FileIOPermission(SecurityAction.Demand, Read = @"C:\data\config.xml")]
      public void ReadConfig() { /* ... */ }

  18. Security and the Manifest
  (Diagram: the loader reads the manifest's list of files and their hash values, generates new hash values for the files on disk and compares them.)

  19. Imperative Security
  • ... with explicit code
  • Create a permission object and call its methods
  • Scope of protection is the method
  • Permission-based judgements made at run time
  • Sample: security demands

      using System.Security.Permissions;

      // e.g. a FileIOPermissionAccess value and the path to protect
      FileIOPermission myPerm = new FileIOPermission(...);
      myPerm.Demand();   // triggers the stack walk against all callers
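Added example (not from the slides): the declarative form of slide 17 and the imperative form of slide 19 side by side in one class, with the SecurityException a failed demand raises. It assumes .NET Framework (CAS is not enforced on .NET Core / .NET 5+) and uses a placeholder config path.

```csharp
// Added example, not from the slides. .NET Framework only; the path is a
// placeholder.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public class ConfigReader
{
    const string ConfigPath = @"C:\app\config.xml"; // placeholder path

    // Declarative: the runtime walks the stack before the body runs and
    // throws SecurityException if any caller lacks read access to the path.
    [FileIOPermission(SecurityAction.Demand, Read = ConfigPath)]
    public string ReadDeclarative()
    {
        return File.ReadAllText(ConfigPath);
    }

    // Imperative: same check, but the permission object is built at run
    // time, so the protected path can be computed instead of being constant.
    public string ReadImperative(string path)
    {
        FileIOPermission perm =
            new FileIOPermission(FileIOPermissionAccess.Read, path);
        perm.Demand();                   // the stack walk happens here
        return File.ReadAllText(path);
    }

    public static void Main()
    {
        ConfigReader reader = new ConfigReader();
        try
        {
            string text = reader.ReadImperative(ConfigPath);
            Console.WriteLine("read " + text.Length + " characters");
        }
        catch (SecurityException e)
        {
            // Some caller in the chain (for example code granted only the
            // Internet permission set) was not granted FileIOPermission.
            Console.WriteLine("demand failed: " + e.Message);
        }
    }
}
```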

  20. Section 3: Permissions
  • Permissions
  • Different kinds of permissions
  • Using permissions
  • Managing permissions

  21. Kinds of Permissions
  • Permission and permission set
  • XML representation of permissions
  • Code access permissions
    • Protect resources and operations
  • Identity permissions
    • Characteristics of an assembly's identity
  • Role-based permissions
    • Discover a user's role or identity
  • Custom permissions
    • Design and implement your own permissions

  22. Managing Permissions: Policies
  • Policy levels
    • Enterprise, machine, user, application domain
  (Diagram: the enterprise, machine, user and application domain policy levels are intersected to give the resulting permission set.)

  23. Permission Namespace
  (Diagram: class hierarchy)
  System.Object
    System.ValueType
      System.Enum
        RegistryPermissionAccess
        FileIOPermissionAccess
        ...
    System.Attribute
      SecurityAttribute
        CodeAccessSecurityAttribute
          RegistryPermissionAttribute
          FileIOPermissionAttribute
          ...
    System.Security.CodeAccessPermission
      RegistryPermission
      FileIOPermission
      ...

  24. Requesting Permissions
  • Provide security-related information to the runtime
    • Used to check permissions
  • Place attributes in your code
    • Compiler stores the request in the metadata
  • Don't ask for more than you need ...
    • Minimum
    • Optional
    • Refused
  • Code cannot assign rights to itself

  25. Demanding Permissions
  • Enforce restrictions on calling code
  • Ask the runtime to check permissions
  • Secure either methods or complete code blocks
  • Declaratively or imperatively
  • Guidelines
    • Check identity when giving additional access
    • To restrict object creation, secure its constructor

  26. Granting Permissions
  • The runtime grants permissions
    • To application domains and assemblies
    • Based on identity, requested permissions, and trust
  (Diagram: the host passes the assembly's evidence to the runtime's assembly loader, which traverses the code groups of each relevant policy level and grants the resulting permission set to the application domain.)

  27. Overriding Code Access Permissions
  • Override the outcome of the stack walk security check
  • Assert
    • Specify permissions that should not be checked
    • Security hole
  • Deny
    • Explicitly deny permissions
    • If one caller in the call chain fails, all will fail
  • PermitOnly
    • Specify a certain resource that can be accessed
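Added example (not from the slides): the three stack-walk overrides from slide 27 around one demanding helper, showing why Assert is the "security hole" the slide names and why each override is reverted in a finally block. It assumes .NET Framework (Deny is obsolete since 4.0 and compiles with a warning) and a placeholder log path.

```csharp
// Added example, not from the slides. .NET Framework only; LogPath is a
// placeholder.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public class StackWalkOverrides
{
    const string LogPath = @"C:\logs\app.log";
    const FileIOPermissionAccess WriteAppend =
        FileIOPermissionAccess.Write | FileIOPermissionAccess.Append;

    static void WriteLog(string line)
    {
        // Demand first: the walk inspects every caller frame above this one.
        new FileIOPermission(WriteAppend, LogPath).Demand();
        File.AppendAllText(LogPath, line + Environment.NewLine);
    }

    // Deny: the demand inside WriteLog fails while this frame's Deny is on
    // the stack, even if every caller is fully trusted.
    public static void CallWithDeny()
    {
        new FileIOPermission(WriteAppend, LogPath).Deny();
        try { WriteLog("never written"); }
        catch (SecurityException) { Console.WriteLine("denied, as intended"); }
        finally { CodeAccessPermission.RevertDeny(); }
    }

    // PermitOnly: from here down only the log file may be touched; a demand
    // for any other permission (another path, registry, network) fails.
    public static void CallWithPermitOnly()
    {
        new FileIOPermission(WriteAppend, LogPath).PermitOnly();
        try { WriteLog("allowed: exactly the permitted resource"); }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    // Assert: stops the walk at this frame, so less trusted callers above
    // it are never checked. This is the "security hole" from the slide:
    // assert the narrowest permission possible, only around the call that
    // needs it, and validate the caller's input before using it.
    [FileIOPermission(SecurityAction.Assert, Write = LogPath, Append = LogPath)]
    public static void WriteLogOnBehalfOfCaller(string line)
    {
        WriteLog(line);
    }
}
```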

  28. Code Access Permissions 1/3
  • Protect resources and operations
    • SecurityPermission class
    • SocketPermission class
    • WebPermission class
    • PrintingPermission class
  • User interface access
    • UIPermission class
    • Secure windows prevent spoofing
    • Prevent code from stealing from the clipboard

  29. Code Access Permissions 2/3
  • Access and modify environment, registry, and metadata
    • EnvironmentPermission
    • RegistryPermission
    • ReflectionPermission
    • DnsPermission
    • EventLogPermission
    • ServiceControllerPermission
  • Protect files and directories
    • FileIOPermission
    • FileDialogPermission

  30. Code Access Permissions 3/3
  • Protect data
    • DirectoryServicesPermission
    • IsolatedStoragePermission
    • IsolatedStorageFilePermission
    • OleDbPermission
    • SqlClientPermission
    • MessageQueuePermission
    • PerformanceCounterPermission

  31. Identity Permissions
  • Identity of an assembly
  • Relevant classes
    • PublisherIdentityPermission
    • SiteIdentityPermission
    • StrongNameIdentityPermission
    • ZoneIdentityPermission
    • UrlIdentityPermission

  32. Role-based Permissions
  • Principals
    • Generic: unauthenticated users and roles
    • Windows: Windows users/accounts
    • Custom: principals defined by the application
  • PrincipalPermission class
    • Perform checks against the active principal
    • Authentication and authorization
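Added example (not from the slides): declarative and imperative PrincipalPermission checks against the thread's principal, using a custom (GenericPrincipal) identity as slide 32 describes. The user "alice" and the role names are constructed for this example; it assumes .NET Framework.

```csharp
// Added example, not from the slides. User and roles are constructed.
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public class Payroll
{
    // Declarative: the runtime checks Thread.CurrentPrincipal.IsInRole
    // before the body runs and throws SecurityException otherwise.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public static void ApproveBonus()
    {
        Console.WriteLine("bonus approved");
    }

    // Imperative: the role (or user name) can come from configuration.
    // A null name means "any authenticated identity in this role".
    public static bool IsInRole(string role)
    {
        try
        {
            new PrincipalPermission(null, role).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    public static void Main()
    {
        // Custom principal defined by the application. For Windows accounts
        // use WindowsPrincipal, or set the AppDomain's principal policy to
        // PrincipalPolicy.WindowsPrincipal, instead.
        GenericIdentity alice = new GenericIdentity("alice");
        Thread.CurrentPrincipal =
            new GenericPrincipal(alice, new string[] { "Clerk" });

        Console.WriteLine("Clerk: " + IsInRole("Clerk")); // alice holds this role
        Console.WriteLine("Admin: " + IsInRole("Admin")); // alice does not
        try { ApproveBonus(); }
        catch (SecurityException) { Console.WriteLine("ApproveBonus refused"); }
    }
}
```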

  33. Custom Permissions
  • System.Security.Permissions namespace
  • Consider thoroughly: overlap and redundancy with existing permissions
  • Code access permissions
  • Design
    • Which resource is to be protected?
    • How granular is the access?
  • Implement
    • IPermission interface
    • Demand
    • Update the policy

  34. Type Safe Code and Trust
  • No memory access to the "neighbour's" private fields
    • Isolated assemblies
  • Compiler checks if code is type-safe
    • Not all language compilers can generate type-safe code
  • JIT compiler verifies type safety
    • If code is not type-safe, the code is not trustworthy
  • Code that is not type-safe may call unmanaged code
    • And perform malicious operations

  35. Wrapping Unmanaged Code
  • Calling unmanaged code is risky
    • Direct calls into unmanaged code can bypass security
  • Use managed wrapper classes
    • Enforce security restrictions
    • Such classes are different from CCW and RCW
  • Secure class libraries
    • Security demands
    • Check each call to resources exposed by the library
  • "Code access security does not eliminate the possibility of human error in writing code"

  36. Integration with COM+ Security
  • .NET role-based security is not COM+ role-based security
    • .NET Framework vs. COM+ security
  • Managed code can use COM+ security
    • Only on Windows 2000 systems
    • Not from pure .NET apps
  • Extend existing COM+ applications with .NET security

  37. Section 4: Security Administration
  • Security Tools
  • Managing Policies and Roles
  • Integration with Windows 2000 and COM+

  38. Security Tools
  • Managing certificates
    • Cert2spc.exe, Certmgr.exe, or Makecert.exe
  • Managing assemblies
    • Sn.exe (Shared Name utility)
    • GACUtil.exe (Global Assembly Cache utility)
    • PermView.exe (view permissions requested by an assembly)

  39. Managing Permissions and Policies
  • Code Access Security Policy command-line utility
    • Caspol.exe
  • Configure machine and user policy
  • Adding, modifying, and deleting
    • Code groups
    • Permissions and permission sets
  • Samples:
    • caspol -list
    • caspol -machine -addfulltrust myPerm.exe
    • caspol -machine -ag 1.1 -zone Internet execution

  40. mscorcfg.msc
  • Graphical user interface
    • Microsoft Management Console snap-in
  • Manage security policies
    • Modify code groups and permission (sets)
    • On enterprise, machine, and user level

  41. Sample
  • Creating named permission sets
    • Create an XML representation
    • Permission set = permissions + name + description
    • Associate permission set and code group(s)
  • Modifying security policy
    • Built-in named permission sets
      • Nothing, Internet, Everything, ...
    • Custom permissions

  42. Managing Roles
  • Identities and principals
  • Integration with Windows 2000
    • Principals may map to OS accounts
    • Packages

  43. Section 5: Cryptography Support
  • Hashing
  • Encryption
  • Digital signatures

  44. Cryptographic services - Basics
  • Stream oriented design
  • Symmetric algorithms
    • One operation applied repeatedly to streamed data input
    • Work with a single secret key
    • Sample: hashing
  • Asymmetric algorithms
    • Fixed buffer
    • Public/private key pair
    • Sample: digital signatures
  • Cryptographic Service Provider (CSP)

  45. Signatures and Random numbers
  • DSA, DSACryptoServiceProvider
    • Digital Signature Algorithm
    • Public-key algorithm
  • RSA, RSACryptoServiceProvider
    • Rivest, Shamir, and Adleman
    • Popular public-key algorithm and de facto standard
  • RandomNumberGenerator, RNGCryptoServiceProvider
    • Random number generator

  46. Hash and Cryptography Algorithms
  • MD5, MD5CryptoServiceProvider
    • Message Digest, produces 128-bit hash
  • SHA1Managed
    • Secure Hash Algorithm, produces 160-bit hash
  • DES, DESCryptoServiceProvider
    • Data Encryption Standard, world-wide standard
  • RC2, RC2CryptoServiceProvider
    • Rivest Cipher, block cipher
  • TripleDES, TripleDESCryptoServiceProvider
    • Triple DES encryption with one (1) key
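Added example (not from the slides): the stream-oriented hashing design of slide 44 next to the fixed-buffer signature classes of slides 45 and 46, with the tamper check a verifier relies on. SHA-1 and DSA are used only because the slides name them; both are weak by current standards. The message is constructed for this example; it assumes the classic .NET Framework crypto API.

```csharp
// Added example, not from the slides, on the classic .NET Framework API:
// stream-oriented hashing, fixed-buffer DSA signing, and an RNG.
// SHA-1/DSA are shown because the slides name them; they are weak today.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class SignDemo
{
    // Hashing is stream-oriented: push data through a CryptoStream in
    // chunks; the digest is available once the final block is flushed.
    public static byte[] HashStream(Stream input)
    {
        using (SHA1Managed sha = new SHA1Managed())
        using (CryptoStream cs = new CryptoStream(Stream.Null, sha, CryptoStreamMode.Write))
        {
            byte[] buf = new byte[4096];
            int n;
            while ((n = input.Read(buf, 0, buf.Length)) > 0)
                cs.Write(buf, 0, n);
            cs.FlushFinalBlock();
            return sha.Hash;                       // 160 bits = 20 bytes
        }
    }

    public static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] digest = HashStream(new MemoryStream(message));

        // Asymmetric: a fixed-size hash goes in, a fixed-size signature comes out.
        using (DSACryptoServiceProvider signer = new DSACryptoServiceProvider())
        using (DSACryptoServiceProvider verifier = new DSACryptoServiceProvider())
        {
            byte[] sig = signer.SignHash(digest, "SHA1");
            // Hand the verifier only the public half of the key pair.
            verifier.ImportParameters(signer.ExportParameters(false));
            Console.WriteLine("valid: " + verifier.VerifyHash(digest, "SHA1", sig));
            digest[0] ^= 0x01;                     // flip one bit of the hash
            Console.WriteLine("tampered: " + verifier.VerifyHash(digest, "SHA1", sig));
        }

        // Cryptographically strong random bytes (keys, nonces, salts).
        byte[] nonce = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(nonce);
        Console.WriteLine(BitConverter.ToString(nonce));
    }
}
```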

  47. Summary
  • Powerful security system
    • Flexible
    • Administrable
  • Fine-grained control on security
  • A number of classes and security tools
  • Different security solutions
  • Rich set of cryptography services

  48. Questions?
