1/14/2019 11:03 PM
Session Code: arc340
.Net Framework Application Security And Other New .Net Framework Security Technologies
Sebastian Lange – Program Manager
Ivan Medvedev – QA Lead
Microsoft Corporation
© 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Agenda
- Review: What’s already in the Box?
- Security Themes for this Release
- New Security Technologies!
  - Application Identity Based Security
  - Improved Security Error Information
  - Improved Protection scheme for public APIs
  - Tool for determining security needs of an app
  - PKI integration
  - XML Encryption
- Summary
Starting Points - v1.0, 1.1 CAS and Security APIs in .Net Framework
- Goal: Enable “Partial Trust”
- Primary Security Identity: Code (Assembly)
  - Authentication: Information collected about code (Evidence)
  - Authorization: Code identity based policy system grants rights to access resources
  - Enforcement: Verification, Validation, Stackwalks
- Crypto, PKI, XMLDsig APIs
Security Themes
- Make it easier to develop secure applications
- Improve integration with existing security technologies
Feedback
“There is no easy way to write and deploy semi-trusted applications for home end users.”
Application Identity Based Security
- Supports ClickOnce Application Programming Model
  - Visit CLI 370!
- Applications are self-describing!
  - Security Requirements persisted in manifest
- Applications are run in sandbox by default
- Sometimes applications require more trust
  - User consent or pre-configured security policy
Application Identity Based Security - Architecture
[Diagram: Application Trust Decisions. The Deployment Manifest yields an Application ID; a known application leads directly to RUN or Don’t Run, while an application that is Not Known goes to User Consent, which in turn leads to RUN or Don’t Run.]
Application Identity Based Security - Benefits
- Admins
  - Administration at application, not assembly scope
  - Better Risk assessment – applications state security requirements (for each assembly)
- Developers
  - Easier deployment on end user machines
  - Reduced attack surface
- End Users
  - Better install experience
  - Trust decisions are persisted and version independent
  - Applications more secure – run just with what they need
Feedback
“When I get a security exception it does not really tell me what went wrong!”
Better Security Error Information
- Expanded SecurityException Type
  - Now possible to tell precisely what failed and why
- Includes
  - Failed Assembly information
    - Including failed assemblies’ permission set grant
  - Security Action that failed
  - The permission set that was checked
- Deeply integrated into the VS IDE (Debug in Zones)
COOL
Feedback
“Why can’t I protect my API with multiple cryptographically strong identities?”
Improved Protection of Public APIs
- Was possible in V1.0/1.1 to limit access to public APIs
  - Link Demand for a cryptographically strong type of identity permission
- Was not possible to use more than one set of identity information in security checks
- New security actions (DemandChoice, LinkDemandChoice) that allow use of multiple permission sets
  - Use of new type: PermissionSetCollection
Improved Protection of Public APIs
- DemandChoice
  - All stack frames are checked for meeting one of the permission sets in the permission set collection

    // Key1 and Key2 stand for the hex-encoded public keys of the two trusted signers.
    // The method can be called only from an assembly signed with either key.
    [method: StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemandChoice, PublicKey = Key1)]
    [method: StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemandChoice, PublicKey = Key2)]
    public static int ProductInternalMethod()
    {
        // code that should only be accessed
        // by assemblies signed with key 1 or 2
        return 0;
    }
Feedback
“I have a complex application. Why is there no tool that helps me find out the security requirements of my application?”
Determining Security Permission Requirements of your code
- Click-once Applications require that applications state the permissions they need in order to run
  - Developer needs to fill this information into application manifest
- Very important for
  - Doing security reviews of all other kinds of applications
  - Doing security reviews of APIs on shared library code
  - Understanding why your code does not run under some security restrictions
PermCalc Tool
- Command Line Tool
  - Using dll that can be accessed programmatically
- Checks the security requirements of an application
  - Outputs estimate of minimum set of permissions required to run application
- Checks the security requirements of APIs of a shared library
  - For each library API a permission set is returned
- Tool technology integrated into VS IDE (trust determination feature, intellisense in zones)
  - See TLS 344!
Determining the minimum set of permissions of an application
Ivan Medvedev
Test Lead, CLR Team
More on PermCalc
- Static assembly introspection
- Dataflow / Control Flow analysis
  - Emulates execution of all code paths
[Diagram: call graph starting at an entry point (Main, etc.). Assembly 1 holds Methods A, B, C, E and F, with Assert P1 shown under Method E and Demand P1 under Method F; Assembly 2 holds Method D with Demand P2. Application Required permissions: P2.]
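The following is an added example, not PermCalc’s code, that models in C# the walk the slide illustrates: each method records what it demands and asserts, and a demand counts as an application requirement only when no frame between it and the entry point asserts that permission (as a Demand’s stack walk stops at an Assert). The MethodNode type and the constructed call graph are assumptions.

```csharp
using System;
using System.Collections.Generic;
// Constructed model of the call-graph walk the slide illustrates; not PermCalc's own code.
class MethodNode
{
    public readonly string Name;
    public readonly HashSet<string> Demands = new HashSet<string>(), Asserts = new HashSet<string>();
    public readonly List<MethodNode> Callees = new List<MethodNode>();
    public MethodNode(string name) { Name = name; }
}
static class RequiredPermissions
{
    // Walks every call path from the entry point. A Demand becomes an application
    // requirement only if its stack walk would reach the entry point, i.e. no frame
    // between the demanding method and the entry point asserts that permission.
    public static HashSet<string> Compute(MethodNode entry)
    {
        HashSet<string> required = new HashSet<string>();
        Walk(entry, new HashSet<string>(), new HashSet<MethodNode>(), required);
        return required;
    }
    static void Walk(MethodNode m, HashSet<string> asserted,
                     HashSet<MethodNode> onPath, HashSet<string> required)
    {
        if (onPath.Contains(m)) return;              // recursive call: path already covered
        foreach (string p in m.Demands)
            if (!asserted.Contains(p)) required.Add(p);
        // Asserts in this frame shield the demands of everything it calls.
        HashSet<string> assertedBelow = new HashSet<string>(asserted);
        assertedBelow.UnionWith(m.Asserts);
        onPath.Add(m);
        foreach (MethodNode callee in m.Callees)
            Walk(callee, assertedBelow, onPath, required);
        onPath.Remove(m);
    }
}
class Demo
{
    static void Main()
    {
        // Constructed graph in the spirit of the slide: Main -> A; A -> E -> F, where E
        // asserts P1 and F demands P1; A -> B -> C -> D, where D (Assembly 2) demands P2.
        MethodNode main = new MethodNode("Main"), a = new MethodNode("A"), b = new MethodNode("B"),
                   c = new MethodNode("C"), d = new MethodNode("D"), e = new MethodNode("E"),
                   f = new MethodNode("F");
        main.Callees.Add(a); a.Callees.Add(e); a.Callees.Add(b);
        e.Asserts.Add("P1"); e.Callees.Add(f); f.Demands.Add("P1");
        b.Callees.Add(c); c.Callees.Add(d); d.Demands.Add("P2");
        foreach (string p in RequiredPermissions.Compute(main))
            Console.WriteLine("Application requires: " + p);
    }
}
```

Remove the Assert from Method E and the model reports P1 as well, which is exactly the kind of answer the tool gives when asking why code fails under a restricted grant.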
Why is PermCalc cool?
- Tells you if your app fits into SEE
  - More about SEE - CLI 411
- Makes it easy to develop for semi-trust
- XML output that can be processed or shipped with your library
Feedback
“Why is there no full integration with PKI? I need to validate a certificate, and I can’t do that with your current APIs.”
Public Key Infrastructure Integration
- Exposure of PKI APIs shipped on Windows Platform
  - X509
  - PKCS7 (signed and enveloped)
- Allows
  - Validation of Certificates
  - Retrieval of Certificate information
- Integrated together and with other technologies (Xml Dsig, Xml Encryption)
PKI (continued)
- X509
  - New class X509CertificateEx
    - Access to all certificate properties
    - Validation and chain building
  - System.Security.Cryptography.X509Certificates
- PKCS7
  - New classes EnvelopedCms, SignedCms
  - System.Security.Cryptography.Pkcs
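Added example, not from the deck: certificate chain validation and PKCS#7 signature verification in C# with the names as they shipped in .NET Framework 2.0 (the slide’s X509CertificateEx became X509Certificate2; SignedCms lives in System.Security.dll). The file paths are assumed command-line arguments.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
// Added example; uses the .NET Framework 2.0 release names, not the beta names on the slide.
static class PkiChecks
{
    // Builds and validates the chain for a certificate file; true only if every link is OK.
    public static bool ValidateCertificate(string certPath)
    {
        X509Certificate2 cert = new X509Certificate2(certPath);
        Console.WriteLine("Subject: {0}\nIssuer:  {1}\nExpires: {2}", cert.Subject, cert.Issuer, cert.NotAfter);
        X509Chain chain = new X509Chain();
        // Check revocation for the whole chain and do not relax any verification step.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        bool valid = chain.Build(cert);
        foreach (X509ChainStatus status in chain.ChainStatus)   // empty when the chain is clean
            Console.WriteLine("Chain status: {0} ({1})", status.Status, status.StatusInformation.Trim());
        return valid;
    }
    // Verifies a detached PKCS#7/CMS signature over content. CheckSignature(false) verifies
    // the signature AND the signer's certificate chain; CheckSignature(true) would accept a
    // mathematically correct signature from an expired, revoked or untrusted signer.
    public static bool VerifyDetachedSignature(byte[] content, byte[] signatureBlob)
    {
        SignedCms signed = new SignedCms(new ContentInfo(content), true);  // true = detached
        signed.Decode(signatureBlob);
        try
        {
            signed.CheckSignature(false);
            foreach (SignerInfo signer in signed.SignerInfos)
                Console.WriteLine("Signed by: " + signer.Certificate.Subject);
            return true;
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("Signature check failed: " + ex.Message);
            return false;
        }
    }
    static void Main(string[] args)
    {
        // args: <certificate file> <signed content file> <detached .p7s signature file>
        Console.WriteLine("Certificate valid: " + ValidateCertificate(args[0]));
        Console.WriteLine("Signature valid:   " + VerifyDetachedSignature(
            File.ReadAllBytes(args[1]), File.ReadAllBytes(args[2])));
    }
}
```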
PKI Integration with XML Digital Signatures
Ivan Medvedev
Test Lead, CLR Team
Feedback
“If XML is such an important technology, why don’t you have an API that helps me encrypt XML?”
XML Encryption
- W3C Compliant Implementation
  - Will be able to exchange data with other implementations
- XML Output
  - Does not have to be XML Input
- Can encrypt portions of an XML document
- Can encrypt different portions of the same document with different keys
XML Encryption
- Several types of encryption
  - Triple DES
  - AES 128
  - AES 192
  - AES 256
  - RSA
  - X509CertificateEx
- Driven through System.Security.Cryptography.Xml.EncryptedXml Class
- Integration with XML Digital Signature
  - XmlDecryptionTransform
Sample Input

    <PurchaseOrder>
      <Items>
        <Item Code="001-001-001" Quantity="1">
          Inside C#, Second Edition
        </Item>
      </Items>
      <ShippingAddress>
        One Redmond Way, Redmond, WA 98052
      </ShippingAddress>
      <PaymentInfo>
        <CreditCard type="Visa" expiration="09/15/05">
          1234-5678-9123-4567
        </CreditCard>
      </PaymentInfo>
    </PurchaseOrder>
Encryption Code

    using System.Security.Cryptography.Xml;

    EncryptedXml exml = new EncryptedXml(xmlDoc);

    // encrypt the credit card element using AES-256 object ccKey
    exml.AddKeyNameMapping("ccKey", ccKey);
    EncryptedData ccEncrypted = exml.Encrypt(ccElem, "ccKey");
    EncryptedXml.ReplaceElement(ccElem, ccEncrypted, true);

    // encrypt the customer element using AES-256 object customerKey
    exml.AddKeyNameMapping("customerKey", customerKey);
    EncryptedData customerEncrypted = exml.Encrypt(customerElem, "customerKey");
    EncryptedXml.ReplaceElement(customerElem, customerEncrypted, true);
Resulting XML

    <PurchaseOrder>
      <Items>
        <Item Code="001-001-001" Quantity="1">Inside C#, Second Edition</Item>
      </Items>
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns=…>
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns=…><KeyName>customerKey</KeyName></KeyInfo>
        <CipherData><CipherValue>pdDtiyd7XQ.....</CipherValue></CipherData>
      </EncryptedData>
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns=…>
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns=…><KeyName>ccKey</KeyName></KeyInfo>
        <CipherData><CipherValue>bJlsW+q04...</CipherValue></CipherData>
      </EncryptedData>
    </PurchaseOrder>
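As an added example, not part of the deck, here is a complete C# round trip over the sample purchase order: the credit card and the shipping address are encrypted under different AES-256 keys and decrypted again through the same key-name mapping. The key name addrKey and the choice of ShippingAddress as the second element are mine, not the slide’s; System.Security.dll must be referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;
// Added example, not from the deck: two elements, two keys, encrypt then decrypt.
static class XmlEncDemo
{
    // Constructed input, a compact copy of the deck's sample purchase order.
    const string PurchaseOrder =
        "<PurchaseOrder><Items><Item Code=\"001-001-001\" Quantity=\"1\">Inside C#, Second Edition</Item></Items>" +
        "<ShippingAddress>One Redmond Way, Redmond, WA 98052</ShippingAddress>" +
        "<PaymentInfo><CreditCard type=\"Visa\" expiration=\"09/15/05\">1234-5678-9123-4567</CreditCard></PaymentInfo>" +
        "</PurchaseOrder>";
    // Replaces the first element named elementName with an <EncryptedData> that names the key
    // via <KeyName>; the key bytes themselves never enter the document.
    public static void EncryptElement(XmlDocument doc, string elementName, string keyName, SymmetricAlgorithm key)
    {
        XmlElement elem = (XmlElement)doc.GetElementsByTagName(elementName)[0];
        EncryptedXml exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(keyName, key);
        EncryptedData encrypted = exml.Encrypt(elem, keyName);
        EncryptedXml.ReplaceElement(elem, encrypted, false);   // false: replace the whole element
    }
    // Decrypts every <EncryptedData> whose <KeyName> is in the mapping. A party holding only
    // one of the keys gets a CryptographicException for the element it cannot resolve.
    public static void DecryptAll(XmlDocument doc, string[] keyNames, SymmetricAlgorithm[] keys)
    {
        EncryptedXml exml = new EncryptedXml(doc);
        for (int i = 0; i < keyNames.Length; i++)
            exml.AddKeyNameMapping(keyNames[i], keys[i]);
        exml.DecryptDocument();
    }
    static void Main()
    {
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.LoadXml(PurchaseOrder);
        // Two independent keys: the payment processor holds ccKey, the warehouse holds addrKey.
        RijndaelManaged ccKey = new RijndaelManaged();   ccKey.KeySize = 256;
        RijndaelManaged addrKey = new RijndaelManaged(); addrKey.KeySize = 256;
        EncryptElement(doc, "CreditCard", "ccKey", ccKey);
        EncryptElement(doc, "ShippingAddress", "addrKey", addrKey);
        Console.WriteLine("Encrypted:\n" + doc.OuterXml);
        DecryptAll(doc, new string[] { "ccKey", "addrKey" }, new SymmetricAlgorithm[] { ccKey, addrKey });
        Console.WriteLine("Decrypted:\n" + doc.OuterXml);
    }
}
```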
Feedback
“I want to view and set ACLs on File and Registry objects!”
ACL Integration
- Raw ACL/ACE arithmetics
  - System.Security.AccessControl namespace
- Integration into file and registry classes

    // Pre-release API names as shown on the slide (FileAccessTrustee, AclAccess, FileActions).
    FileSecurity fs = new FileSecurity();
    fs.AddAccess(
        new FileAccessTrustee(@"REDMOND\Mort",
                              AccessControlType.Deny,
                              AclAccess.View | AclAccess.Change,
                              FileAccess.ReadWrite));
    // The security descriptor is handed to the FileStream constructor, so the file is
    // created with the DACL already in place.
    using (FileStream file = new FileStream("foo.txt", FileMode.Create, FileAccess.Write,
                                            FileShare.None, 4096, false, FileActions.None, fs))
    {
        // write to the file…
    }
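Added example, not from the deck: the same operation in C# with the ACL types as they shipped in .NET Framework 2.0 (FileSecurity, FileSystemAccessRule, File.Create taking a FileSecurity) rather than the slide’s pre-release names. The temp-file path and the deny rule for the built-in Guests group are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
// Added example; uses the .NET Framework 2.0 release names, not the beta names on the slide.
static class AclDemo
{
    // DACL that grants the current user full control and explicitly denies the built-in
    // Guests group any write access; inheritance from the directory is switched off.
    public static FileSecurity BuildRestrictiveAcl()
    {
        FileSecurity fs = new FileSecurity();
        // Protect the DACL so inherited ACEs from the folder cannot silently widen access.
        fs.SetAccessRuleProtection(true, false);
        fs.AddAccessRule(new FileSystemAccessRule(
            WindowsIdentity.GetCurrent().User,            // current user's SID
            FileSystemRights.FullControl, AccessControlType.Allow));
        fs.AddAccessRule(new FileSystemAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null),
            FileSystemRights.Write, AccessControlType.Deny));
        return fs;
    }
    // Returns one line per ACE so the DACL actually applied can be reviewed.
    public static string[] DescribeAcl(string path)
    {
        AuthorizationRuleCollection rules =
            File.GetAccessControl(path).GetAccessRules(true, true, typeof(NTAccount));
        string[] lines = new string[rules.Count];
        for (int i = 0; i < rules.Count; i++)
        {
            FileSystemAccessRule r = (FileSystemAccessRule)rules[i];
            lines[i] = string.Format("{0,-5} {1,-30} {2}", r.AccessControlType,
                                     r.IdentityReference.Value, r.FileSystemRights);
        }
        return lines;
    }
    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "secret.txt");   // constructed path
        // Handing the FileSecurity to the create call applies the DACL together with creation,
        // so the file never exists with the directory's default ACEs.
        using (FileStream file = File.Create(path, 4096, FileOptions.None, BuildRestrictiveAcl()))
        using (StreamWriter w = new StreamWriter(file))
            w.WriteLine("sensitive data");
        foreach (string line in DescribeAcl(path))
            Console.WriteLine(line);
    }
}
```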
Summary
- Easier to develop Secure Code
  - Easier to find out security requirements of your code
  - Easier to deploy and author semi-trusted rich client applications for home end users
  - Easier to find out what went wrong when a security error occurs
  - Easier to allow access to Public APIs to multiple cryptographically strong identities
- Better Security Integration
  - Now possible to perform all PKI tasks in managed code
  - MACL integration
  - XML Encryption
Resources
- msdn.microsoft.com/net/security
- www.gotdotnet.com
- GotDotNet blogs
  - http://blogs.gotdotnet.com/ivanmed
  - http://blogs.gotdotnet.com/gregfee
- “.Net Framework Security” book
- microsoft.public.dotnet.security newsgroup