This document discusses .NET Framework 4 security architecture, including application domains, code verification processes, code access security (CAS), role-based security concepts like authentication and authorization, and cryptography. It also covers security transparency attributes, demonstrates a MS13-015 vulnerability exploit, and provides contact information for the author.
1. Know Your Security Model
Mikhail Shcherbakov
9-я конференция .NET разработчиков
12 октября 2014
dotnetconf.ru
2. 2
About me
• Senior software developer at Positive
Technologies
• Working on Application Inspector - source
code analyzer
• Previous team lead at Acronis and Luxoft
4. 4
.NET Framework 4 Security
Architecture
• Application Domains
• The verification process
• Code Access Security (CAS)
o Policy
o Permissions
o Enforcement
• Role-based security
o Authentication
o Authorization
o Principal and Identity
• Cryptography
5. 5
.NET Framework 4 Security
Architecture
• Application Domains
• The verification process
• Code Access Security (CAS)
o Policy
o Permissions
o Enforcement
• Role-based security
o Authentication
o Authorization
o Principal and Identity
• Cryptography
6. 6
Knowledge in Practice
• CAS is the base of security
• Development of extensible and security-
sensitive applications
• Troubleshooting and knowledge about the
internals
o ASP.NET / IIS o Silverlight
o SQL CLR o XBAP
o ClickOnce o Sharepoint
7. 7
Application Domains
• Fully Trusted and Partially Trusted
• Heterogeneous and Homogeneous
• Sandboxing by AppDomain
9. 9
Code Access Security
• Policy (deprecated in .NET Framework 4)
• Permissions
• Enforcement
o Fully Trusted assemblies in Partially Trusted AppDomain
o Security Transparency Code
o Assert permissions
o SecurityPermission o RegistryPermission
o ReflectionPermission o SocketPermission
o FileIOPermission o WebPermission
10. 10
Level 2 Security Transparency
Critical
Full Trust code that can do anything
Safe Critical
Full Trust code Provides access to Critical code
Transparent
Only verifiable code Cannot p/invoke Cannot elevate/assert