Security in the .NET Framework

Mike Kass, Product Manager, Microsoft Corp.

The .NET Framework

[Diagram labels: VB, C++, C#, Perl, Java; Windows Forms, ASP.NET, XML, ADO.NET, Enterprise Services; Common Language Runtime; Message Queuing, Transactions, Active Directory, IIS, Management]

Windows Forms
Secure, easily deployable rich client classes

ASP.NET
Classes and engine for building, deploying, and running Web applications and services

ADO.NET
Classes for loosely-coupled data access

Common Language Runtime
Executes code, maintains security, handles component plumbing and dependencies

Enterprise Services
A complete set of features enabling transactions, message queuing, etc.

.NET Framework Security

- Role-based Security
- Cryptographic Library
- Code Access Security

Role-Based Security: Authentication

Unified programming model for all forms of authentication:

- Basic
- Digest
- NTLM
- Kerberos
- Microsoft Passport
- Forms/Custom
- Client Certificates

Role-Based Security: Authorization

Maximum flexibility again

- Access Control Lists
- Active Directory
- URL Authorization via Config Files
- Custom

Cryptographic Library

Comprehensive, progressive set of APIs in the .NET Framework

- Easy, unified, stream-based architecture
- Encryption
- Digital signatures
- Hashing
- Random-number generation
- Pluggable extensibility (new algorithms)
- Uses Windows CryptoAPI functionality

Code Access Security

- Allows partially trusted code to run with reduced rights
- Evidence-based security model
- No more "all-or-none" or "sandbox"
- Granular permissions
- Flexible, extensible

3 Key Elements

Evidence
- Inputs to policy about code
- Strong name, site, zone, Authenticode signature, hash value, app directory, etc.

Permissions
- Specific authorizations for code (not users)
- Define a level of access to a resource or operation

Policy
- Matches permissions to evidence via code groups
- Grants permissions to an assembly

Permissions Protect Resources

- Resource permissions (extensible): Socket, FileIO, Web, FileDialog, DNS, IsolatedStorage, OleDb, Environment, SQLClient, Registry, MessageQueue, UI, EventLog, Printing, DirectoryServices, Reflection
- Security: Execution, Assertion, Skip Verification, Unmanaged code, Control evidence, Control policy, Control principal, Control threads

Loading An Assembly

[Diagram labels: Assembly Evidence, Assembly Requests, Policy, Granted Permissions]

0. Compile code
1. Load assembly
2. Gather evidence
3. Load policy
4. Grant permissions
5. Verify MSIL
6. Execute code

Demands Make It Work

- Demand of FileIOPermission causes a stack walk
- If all frames pass: succeed, allow operation
- Otherwise: SecurityException

[Diagram: call stack. Labels: Calls, Got Permission?, Exception]

MYAPP (semi-trusted)
    . . .
    myComponent.ReadSetting(key);
    . . .

  Calls | Got Permission?

MYCOMPONENT (fully trusted)
    . . .
    Stream fileStream = new FileStream("settings.xml", FileMode.Open);
    . . .

  Calls | Got Permission?

FRAMEWORK
    public FileStream(string name, FileMode mode)
    {
        // Every caller on the stack must hold read access to 'name'.
        FileIOPermission fp = new FileIOPermission(FileIOPermissionAccess.Read, name);
        fp.Demand();
        . . .
    }
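The stack walk on this slide, as an added C# example that is not part of the original deck: the caller uses PermitOnly (a stack-walk modifier the slides do not cover) to stand in for a semi-trusted frame, so the FileIOPermission demand raised inside FileStream fails for a file outside the permitted directory. The class names and the cas-demo paths are constructed for the example, and it assumes the .NET Framework 2.0 or later (CAS is not supported on .NET Core or .NET 5+).

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class MyComponent   // stands in for the fully trusted MYCOMPONENT
{
    public static string ReadSetting(string path)
    {
        // The FileStream constructor demands FileIOPermission (read) for 'path'.
        // That demand walks every frame above this one on the call stack.
        using (StreamReader reader = new StreamReader(
                   new FileStream(path, FileMode.Open, FileAccess.Read)))
            return reader.ReadLine();
    }
}

static class MyApp         // stands in for the semi-trusted MYAPP
{
    static string ReadAsRestrictedCaller(string allowedDir, string path)
    {
        // PermitOnly marks this frame: a stack walk passing through it succeeds
        // only for file reads under allowedDir, whatever the assembly was granted.
        new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            allowedDir).PermitOnly();
        try { return MyComponent.ReadSetting(path); }
        catch (SecurityException) { return "SecurityException: stack walk failed"; }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main()
    {
        // Constructed sample files: one inside the permitted directory, one outside.
        string allowedDir = Path.Combine(Path.GetTempPath(), "cas-demo");
        Directory.CreateDirectory(allowedDir);
        string inside = Path.Combine(allowedDir, "settings.xml");
        string outside = Path.Combine(Path.GetTempPath(), "cas-demo-outside.xml");
        File.WriteAllText(inside, "<settings/>");
        File.WriteAllText(outside, "<settings/>");

        Console.WriteLine(ReadAsRestrictedCaller(allowedDir, inside));   // demand passes
        Console.WriteLine(ReadAsRestrictedCaller(allowedDir, outside));  // demand fails
    }
}
```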

Default Security Policies

Default code groups set around origin of code according to I.E. zones

- Local machine, i.e. code installed locally
- Intranet
- Internet (enabled in version 1.1 of the .NET Framework, currently in beta)
- Trusted sites
- Restricted sites

Local Machine Permissions

- FullTrust PermissionSet
- Full access to all machine capabilities
- But: App must be installed on machine by machine's admin

Intranet Permissions

- Unlimited UI
- Same protocol access to site & DNS
- File read access to origin
- Open/Save File Dialog
- Default printer
- Unlimited Isolated Storage
- Write to Event Log
- Env for USERNAME, TEMP, TMP

Changing Security Policies

Systems administrators can adjust current policies or create new policies via new code groups

- .NET Framework Configuration Tool (MMC snap-in)
- Caspol (command line)

Policies may be set at application, user, machine, and enterprise levels.

Programmatic access

APIs to access code access security system

- Refuse unnecessary permissions
- Refuse to run if not granted necessary permissions
- Check to see if granted a permission and tweak app behavior based on response
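The three programmatic uses listed above, as an added C# example that is not part of the original deck. It assumes the .NET Framework 2.0 to 3.5 (assembly-level permission requests and SecurityManager.IsGranted are obsolete from version 4.0 on), and the C:\MyApp paths and the SettingsExport class are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Refuse to run if not granted necessary permissions: the assembly fails to
// load unless policy grants read access to this (hypothetical) settings file.
[assembly: FileIOPermission(SecurityAction.RequestMinimum,
                            Read = @"C:\MyApp\settings.xml")]

// Refuse unnecessary permissions: this assembly never receives the right to
// call unmanaged code, even when policy would otherwise grant it.
[assembly: SecurityPermission(SecurityAction.RequestRefuse, UnmanagedCode = true)]

static class SettingsExport
{
    // Check whether a permission was granted to this assembly, without
    // triggering a stack walk or a SecurityException.
    static bool CanWrite(string path)
    {
        return SecurityManager.IsGranted(
            new FileIOPermission(FileIOPermissionAccess.Write, path));
    }

    static void Main()
    {
        string target = @"C:\MyApp\export.xml";   // hypothetical output path

        // Tweak app behavior based on the response: degrade instead of failing.
        if (CanWrite(target))
            File.WriteAllText(target, "<export/>");
        else
            Console.WriteLine("No write permission for {0}; export disabled.", target);
    }
}
```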

Partially Trusted ASP.NET

Coming in version 1.1

For shared IIS 5.0 server, use CAS
- Isolate apps running in same process
- Set permissions on virtualized resources

For shared IIS 6.0 server, use CAS
- Isolate apps you choose to run in same process
- Set permissions on virtualized resources


Trustworthy Computing

External review, penetration testing
- Foundstone, CORE Security Technologies

Foundstone's "Security in the Microsoft .NET Framework":

"Used appropriately, we believe that the .NET Framework is one of the best platforms for developing enterprise and Web applications with strict security requirements."

Ongoing internal security reviews & testing

STPP and the .NET Framework

Windows Update + Patch Roll-ups
- Help customers get patches they need ASAP
- 2 Service Packs shipped to date

The .NET Framework in Curriculum

Multi-language runtime environment
- Use the language you like
- Access the same class libraries to do similar tasks

Use a powerful IDE to access easy-to-use learning tools
- Visual Studio .NET Academic

Experience programming with .NET by building your own Terrarium creature at the Hands-On Lab (Booth #301)

Microsoft Resources for Faculty

MSDN Academic Alliance
- New program from Microsoft
- Software for computer science courses
- Annual membership fee of $799 per department
- Membership runs from July-June
- Web site that supports program: www.msdnaa.net

Visual Studio .NET Academic
- All the features of Visual Studio .NET Professional plus Course Management Tools

Questions?
More info at: http://msdn.microsoft.com/net/security
