Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jim Fawcett CSE775 – Distributed Objects Spring 2005

Published byArchibald Armstrong Modified over 6 years ago

Similar presentations

Presentation on theme: "Jim Fawcett CSE775 – Distributed Objects Spring 2005"— Presentation transcript:

1 Jim Fawcett CSE775 – Distributed Objects Spring 2005
.Net Security Jim Fawcett CSE775 – Distributed Objects Spring 2005

2 CSE775 – Distributed Objects
References Developmentor Slides from MSDNAA, Keith Brown Introduction to Evidence-based Security in .Net Framework, Brad Merrill, Securing, Deploying and Maintaining .Net Applications, Patrick Tisseghem, CSE775 – Distributed Objects

3 CSE775 – Distributed Objects
Agenda Threats Windows Role-Based Security Code Access Security Web applications Web services Remoting COM+ CSE775 – Distributed Objects

4 CSE775 – Distributed Objects
Basic Security Issues Confidentiality Disclose information only to authorized users Integrity Ensure that data is not modified without authorization Availability Decide who has access to information and how to make access effective Authentication Identify a user securely Authorization Define a set of allowed actions for authorized users Non repudiation Log users, their actions, and the objects used. CSE775 – Distributed Objects

5 CSE775 – Distributed Objects
Threats Stride model Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of priviledge CSE775 – Distributed Objects

6 CSE775 – Distributed Objects
Mitigating Threats Protection Make successful threats difficult Virtually always possible to succeed in complex systems Detection Detect an attack in progress Response Put in place plans for each identified threat type CSE775 – Distributed Objects

7 CSE775 – Distributed Objects
Spoofing Attacker claims false identity Claim client identity Gain access to sensitive data Run dangerous processes on server Gain administrative priviledges Claim server identity Collect sensitive data from clients Provide false data to clients Protection Strong authentication using crytography CSE775 – Distributed Objects

8 CSE775 – Distributed Objects
Tampering with Data Tampering with persistent data Modify password tables Deface web pages Add viruses or Trojan hourses to files Modify routing tables, DNS, … Modify audit logs Tampering with network packets Protection Hash codes, digital signatures, encryption CSE775 – Distributed Objects

9 CSE775 – Distributed Objects
Repudiation Attacker denies an action which is hard to verify Claim didn’t delete file Claim didn’t make purchase Claim didn’t receive services Protection Audit logs Require receipts Digital signatures CSE775 – Distributed Objects

10 Information Disclosure
Attacker sees sensitive data Local files Network packets Attacker gets information about system architecture Banners that display software type and version Protection Strong authentication and access control Encrytion of sensitive data Turn off banners, disable tracing and debugging Use terse error messages CSE775 – Distributed Objects

11 CSE775 – Distributed Objects
Denial of Service Syn flooding Send partial connection requests to overflow server’s list of pending connections Distributed Denial of Service Amplification attacks Send icmp echo requests to broadcast address, spoofing victim’s address Protection Install server patches Block incoming icmp requests Throttle anonymous requests CSE775 – Distributed Objects

12 Elevation of Priviledge
Gain administrator priviledge Buffer overflow attack Overflow designed to overwrite return address of function with address of malicous code. Exploit bugs in operating system Protection Avoid buffer overflows Validate user input Use principle of Least Priviledge Grant smallest set of priviledges needed to function Patch operating system CSE775 – Distributed Objects

13 Social Engineering Threat
Social Engineering and Manipulation Trick someone into disclosing information, e.g., passwords, credit card ids, SSNs, … Manipulation Threats Phreaking Use fee-based services without payment Phishing Acquire sensitive information by luring attacks, usually by . Pharming Redirecting DNS routes to unauthorized sites to get sensitive information. Your on-line banking redirected to Afganistan, for example. False representation Pretend to be service technician, manager, account owner, … Inside Job Employee conspires with attacker to compromise system or information. CSE775 – Distributed Objects

14 CSE775 – Distributed Objects
Security Models PDR Protection topic of this presentation Detection detect attacks Response plan responses for each threat category Call the sysAdmin Call the police Contact the FBI Contact Federal Trade Commission CSE775 – Distributed Objects

15 CSE775 – Distributed Objects
Security Models AAS Authentication Accept and validate credentials presented by user Authorization If validated, determine right to access some resource Secure communication Secure the channel SSL, IPsec Secure the data signing, hashing, cryptography CSE775 – Distributed Objects

16 CSE775 – Distributed Objects
Security Models Windows and .Net Role-based Authenticate and authorize users, groups, and accounts (System, Local service, Network service) Actions are authorized through permissions Evidence-based or Code Access Security (CAS) Code is elevated to the security status of a user. Authorization is based on evidence url, zone, publisher, strong name, custom assembly attributes Actions are authorized through policies CSE775 – Distributed Objects

17 Win Security Definitions
Definitions for people and groups of people SID – Security IDentifier Data structure used to identify user or group. Access Token A data structure that holds a SID for a security principal, the SIDs for each group the principal belongs to, and a list of the principal’s priviledges on the local computer. Principal An account holder that is assigned a SID for access to resources, e.g., user, group, service, or computer. CSE775 – Distributed Objects

18 Win Security Definitions
Definitions for objects Files, directories, kernel objects ACL – Access Control List Set of permissions for a specific object or a set of the object’s properties. Discretionary (DACL) and System (SACL) are sub-groups. Security Descriptor A data structure holding information about a protected object, e.g., who can access, in what way, whether audited. CSE775 – Distributed Objects

19 Win Security Definitions
Combinations of people and objects Security Context Set of rules for a user’s actions on a protected object Combination of user’s access token and object’s security descriptor Security Policy Rules that define the allowable contexts and mandatory groups. CSE775 – Distributed Objects

20 CSE775 – Distributed Objects
Role-Based Security Use role-based security in programs to control access to methods or properties at run-time. Host authenticates user and provides identity and role information to CLR. Uses NTFS access control lists, IIS security settings. CLR makes that information available to code via APIs and permission demands. Can isolate security from code using attributes defined in System.Security or EnterpriseServices System.Security is limited to Windows user groups EnterpriseServices uses COM+ roles Classes have to inherit from EnterpriseServices Which to choose? If application has both managed and unmanaged use COM+. If application is entirely managed then System.Security is appropriate. CSE775 – Distributed Objects

21 CSE775 – Distributed Objects
Code Access Security Goals End-user experience Managed apps just run Safe defaults, no run-time decisions needed Administrator All settings in one place and easy to customize Simple policy model Security administration tools .Net configuration, CASPOL Developer Focus on application, security comes free Easy to understand and extend when needed CSE775 – Distributed Objects

22 CSE775 – Distributed Objects
Mobil Code Old Model Obtained from a network, often via a web page. Without CAS have either full trust or no trust. User decides whether to run. If run, code has all the user’s priviledges. Inproc COM component, when loaded, becomes part of the process. Can’t distinguish between library code and original application code. CAS model Operation based on evidence. Allowed actions can be defined at very detailed level. Each assembly can have its own security context. CSE775 – Distributed Objects

23 Evidence-Based Security
Definitions Permissions Objects that represent specific authorized actions Permission grant is an authorization for an action given to an assembly Permission demand is a security check for specific grants Policy Set of permissions granted to an assembly Evidence Inputs to policy about code All three can be extended using security APIs. CSE775 – Distributed Objects

24 CSE775 – Distributed Objects
Standard Permissions Permissions for framework resources Data, environment, file IO, Message Queue, reflection, sockets Directory services, event log, web, performance counters, registry, UI DNS, file dialog, isolated storage, printing, security system CSE775 – Distributed Objects

25 CSE775 – Distributed Objects
Standard Permissions Identity permissions Publisher, site, string name, url, zone User identity permission Only non-code acceess permission in Framework. CSE775 – Distributed Objects

26 CSE775 – Distributed Objects
Code Access Security Is evidence-based Most permissions are code access Demanding permission performs a stack walk checking for grants of all callers Two ways to make checks Imperative – call a method Declarative Attributes in code Attributes in configuration file Get security by Calling class libraries in Framework Calling application code with checks CSE775 – Distributed Objects

27 CSE775 – Distributed Objects
How it works Loader extracts evidence from assembly Evidence is input to policy Each level, Enterprise, Machine, User, and AppDomain, are evaluated For each level the union of grants for each matching code group is determined Intersection of permissions from each of these levels are granted to the assembly Apply any assembly permission requests Result is the permissions granted to the assembly. CSE775 – Distributed Objects

28 CSE775 – Distributed Objects
Stack Walk Modifiers Assertions If code vouches for its callers then checks for permissions stop here. Gatekeeper classes Managed wrappers for unmanaged resources Demand permission to call unmanaged Assert permission to call unmanaged Make the call to unmanaged CSE775 – Distributed Objects

29 CSE775 – Distributed Objects
Code Access Control Identity permissions can apply to code as well as users and groups Based on evidence – signature, location, … Declarative checks made by JIT at compile-time. Imperative checks made by CLR at run-time. CSE775 – Distributed Objects

30 CSE775 – Distributed Objects
Policy Process of determining what permissions to grant to code. Per-assembly basis Policy levels Enterprise Machine User Application domain Each policy level is a collection of code groups All code, internet zone, intranet zone, site, strong name (MS Office), publisher Permission grants are intersection of policy levels and union of collection of code groups. Code gets only permissions common to Enterprise, Machine, user, AppDomain Gets all permissions of all groups to which it belongs. CSE775 – Distributed Objects

31 CSE775 – Distributed Objects
Default Policies Local Computer Unrestricted Intranet Limited read environment, UI, isolated storage, assertion, web access to same site, file read to same UNC directory Internet Safe UI, isolated storage, web access to same site Restricted No access, can’t execute Strong name (Framework classes) CSE775 – Distributed Objects

32 CSE775 – Distributed Objects
Framework Support Classes used to represent evidence Zone, Url, Site, ApplicationDirectory, StrongName, Publisher, Hash Classes used to represent permissions DBDataPermission, PrintingPermission, SocketPermission, FileIOPermission, RegistryPermission, … CSE775 – Distributed Objects

33 .Net Configuration Tool
CSE775 – Distributed Objects

34 CSE775 – Distributed Objects
Editing Permissions CSE775 – Distributed Objects

35 All Standard Permissions
Can configure applications as well as users and machines. CSE775 – Distributed Objects

36 Creating a User Code Group
CSE775 – Distributed Objects

37 Adding New Permissions
CSE775 – Distributed Objects

38 CSE775 – Distributed Objects
Specific Permissions CSE775 – Distributed Objects

39 CSE775 – Distributed Objects
The Result CSE775 – Distributed Objects

40 CSE775 – Distributed Objects
Evidence Evidence is input to policy Strong name, publisher identity, location Evidence is extensible Any object can become evidence Only affects permission grants if some code group condition uses it Hosts Machine, IIS, ASP.Net, SQL Server Fully trusted hosts specify implicitly trusted evidence. Semi-trusted hosts cannot provide evidence. Hosts can limit policy for AppDomains they create. CSE775 – Distributed Objects

41 CSE775 – Distributed Objects
Elevating Trust CSE775 – Distributed Objects

42 Requesting Permissions
Assemblies can request permissions Minimal, Optional, Refused If policy does not grant everything in Minimal set, assembly will not load. Assembly is granted: MaxAllowed  (Minimal  Optional) – Refused Example: [assembly:UIPermissionAttribute (SecurityAction.RequestMinimum, Window=UIPermissionWindow.SafeSubWindows) ] [assembly:SecurityPermissionAttribute (SecurityAction.RequestRefused, UnmanagedCode=true) ] CSE775 – Distributed Objects

43 Minimizing Security Flaws
Safe code Managed code verified for typesafety at runtime. Eliminates: Buffer overrun attacks Reading private state or uninitialized memory Access to arbitrary memory in process Transfer execution to arbitrary location in process Developers can use Least Priviledge. Code access security blocks most luring attacks. Stack walks prevent malicious code from using otherwise secure code obtained from naïve user. CSE775 – Distributed Objects

44 CSE775 – Distributed Objects
Summary Managed code has both Role-based and Evidence-based (CAS) security applied. Get a lot for free, simply by loggin in and running code that calls Framework Library. You can add security features to your code as well. CAS is .Net model for mobile code. Evidence is discovered by loader Policy turns evidence into permissions Permissions determine what your code can and cannot do. CSE775 – Distributed Objects

Download ppt "Jim Fawcett CSE775 – Distributed Objects Spring 2005"

Similar presentations

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 17 Secure Coding in Java and.NET Part 2: Code Access Control.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 17 Secure Coding in Java and.NET Part 2: Code Access Control.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Access Control Methodologies

Access Control Methodologies
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Code Access Security vs. Role-Based Security  RBS  Security identity attached to user accounts  Access to resources specified according to user’s group.

Code Access Security vs. Role-Based Security  RBS  Security identity attached to user accounts  Access to resources specified according to user’s group.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.

Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.
Delivering Excellence in Software Engineering ® 2006. EPAM Systems. All rights reserved. ASP.NET Authentication.

Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Similar presentations

Ads by Google