1. Customizing.NET Security Permissions Nageswari Vallabhaneni

2. Overview Introduction Kinds Of Permissions Customizing different kinds of permissions Based on roles Type safe code and Unmanaged Code

3. Permission is an object used by flexible and extensible framework instead of defining a fixed set of operations and resources to which access can be controlled. Access code to restricted areas Objects to control restrictions on managed code Permission

4. Kinds of Permissions Permission and permission set  XML representation of permissions Code access permissions  Protect resources and operations Identity permissions  Characteristics of an assembly‘s identity Role-based permissions  Discover a user‘s role or identity Custom permissions  Design and implement your own permissions

5. Managing Permissions : Policies Policy levels  Enterprise, machine, user, application domain enterprise user machine appdomain Resulting permission set Permission and permission set

6. Individual Permissions with default Permission Sets Permission Full Trust Nothing Local Intranet Internet Permission Set Permission Set Permission Set Permission Set Dns Unrestricted No Access Unrestricted No Access Environment Unrestricted No Access Read Username No Access EventLog Unrestricted No Access Instrument No Access FileDialog Unrestricted No Access Unrestricted open Isolatedstorage Unrestricted No Access AssemblyIsolation DomainIsolation ByUser ByUser Printing Unrestricted No Access DefaultPrinting SafePrinting Reflection Unrestricted No Access ReflectionEmit No Access Security Unrestricted No Access ExecutionAssertion Execution UI Unrestricted No Access Unrestricted SafeToplevel Windows Own Clipboard

7. Granting Permissions Runtime Host Application domain Evidence Assembly Loader Permission set Travers code group for relevant policy level The runtime grants permissions  To application domains and assemblies  Based on identity, requested permissions, and trust

8. Code Access Permissions 1/3 Protect Resources and operations  SecurityPermission class  SocketPermission class  WebPermission class  PrintingPermissions User Interface Access  UIPermission class  Secure windows prevent spoofing Prevent code to steal from clipboard

9. Code Access Permissions 2/3 Access and modify environment, registry, and metadata  EnvironmentPermission  RegistryPermission  ReflectionPermission  DNSPermission  EventLogPermission  ServiceControllerPermission Protect files and directories  FileIOPermission  FileDialogPermission

10. Code Access Permissions 3/3 Protect Data  DirectoryServicesPermission  IsolatedStoragePermission  IsolatedStorageFilePermission  OleDbPermission  SqlClientPermission  MessageQueuePermission  PerformanceCounterPermission

11. Overriding Code Access Permissions Override the outcome of the stack walk security check Assert  Specify permissions that should not be checked  Security hole Deny  Explicitly deny permissions  If one caller in call chain fails, all will fail PermitOnly  Specify a certain resource that can be accessed

12. Identity Permissions Identity of an assembly The runtime grants identity permissions when the assembly is loaded based on the evidence that is provided. And that evidence is provided by the loader or a trusted host and include items such as digital signature of the assembly or the website.

13. Classes Of Identity Permissions Relevant classes  PublisherIdentityPermission The software publisher’s digital signature.  SiteIdentityPermission The website where the code originated.  StrongNameIdentityPermission The strong name of the assembly.  ZoneIdentityPermission Zone where the code originated.  URLIdentityPermission URL where the code originated.

14. Role-based Permissions Principals A Principal represents the identity and role of a user and acts on the user’s behalf…..NET framework supports 3 kinds of Principals  Generic: unauthenticated users and roles that are independent of Windows users and roles.  Windows: Windows users/accounts and roles.  Custom: principals defined by an application in any way that is needed for that particular application. PrincipalPermission Class  Perform checks against active principal

15. Custom Permissions System.Security.Permissions namespace Consider thoroughly – overlapping and redundancy Code access permissions  Design Which resource is to be protected? How‘s the granulation of access?  Implement IPermission interface  Demand Update the policy

16. Adding a custom permission to Security Policy Add the assembly implementing the custom permission to the list of fully trusted assemblies. Create an XML file that represents the type of permission you want to create and assign to assemblies. Add the XML representation of the permission to the security policy by using the.NET Framework Coniguration tool.

17. Type Safe Code and Trust No memory access to the neighbour‘s private fields  Isolated assemblies Compiler checks if code is type-safe  Not all language compilers can generate type-safe code JIT compiler verifies type-safety  If code is not type-safe the code is not trustworthy  Not type-safe code may call unmanaged code And perform malicious operations

18. Wrapping Unmanaged Code Calling unmanaged code is risky  Direct calls into unmanaged code can bypass security Use managed wrapper classes  Enforce security restrictions Secure class libraries  Security demands  Check each call to resources exposed by the library  „Code access security does not eliminate the possibility of human error in writing code“

19. References http://msdn2.microsoft.com/en- us/library/03kwzyfc(VS.71).aspxhttp://msdn2.microsoft.com/en- us/library/03kwzyfc(VS.71).aspx http://msdn2.microsoft.com/en- us/library/d3wktt6a(VS.71).aspxhttp://msdn2.microsoft.com/en- us/library/d3wktt6a(VS.71).aspx http://msdn2.microsoft.com/en- us/library/7sxk9k2h.aspxhttp://msdn2.microsoft.com/en- us/library/7sxk9k2h.aspx

20. Questions ??