creating secure applications
TRANSCRIPT
Microsoft Australia Security Summit
Creating Reliable And Robust Applications With Visual Studio 2005 And SQL Server 2005
Andrew Coates, Developer Evangelist, Microsoft Australia
http://blogs.msdn.com/acoat
Agenda
Introduction
Enhancements for secure application development with Visual Studio 2005
Security enhancements in SQL Server 2005
Introduction: Security Today
More mission-critical systems
More IT assets exposed via the Internet
More ways to connect (more threat paths)
Everything is becoming connected
Increased complexity and functionality lead to increased vulnerabilities
Software must do more to protect on the security front
Major effort to enhance security capability and features in Visual Studio 2005 and SQL Server 2005
Visual Studio 2005 and .NET 2.0 Enhancements
Managed Code
Designed to run under less privileged accounts
Improved Code Access Security
Permissions Calculator
Debug in Zone
IntelliSense in Zone (Visual Basic .NET)
FxCop
Develop Under a Less Privileged Account
Developing under a least-privileged account is good practice
Users will not run your application as an administrator
When developing as admin you may be unaware that non-admin accounts don't have access to resources that you can access
Visual Studio 2005 runs much better under a non-administrative account than previous versions
Security Principles to Live By: Practical Least Privilege
Elevate as necessary:
RunAs
MakeMeAdmin (http://blogs.msdn.com/aaron_margosis)
Fast User Switching
Terminal Services / Remote Desktop
Vista/Longhorn LUA: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/leastprivlh.asp
Add granular permissions (SQL Server 2005):
Granular permissions
Security execution context
DDL triggers
Code Access Security is easier with VS 2005:
Permission Calculator
IntelliSense in Zone, Debugging in Zone
Code Access Security
Applies security to assembly identity
Allows restriction on the actions an assembly can perform
Predefined permission sets are available to sandbox low-trust code
Visual Studio 2005 allows the developer to select a target permission set
Code Access Security (CAS)
Code access security is a mechanism that helps limit the access code has to protected resources and operations. It has the following functions:
Defines permissions and permission sets that represent the right to access various system resources
Enables administrators to configure security policy
Enables code to request the permissions it requires in order to run, and to specify which permissions the code must never have
Grants permissions to each assembly that is loaded, based on the permissions requested and on the operations permitted by security policy
Enables code to demand that its callers have specific permissions
Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code
Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have
Code Access Security
Diagram: Evidence + Policy = Permissions
Stack Walk
Essential part of the security system, protecting against unauthorized access to protected resources
Before allowing an assembly access, the protected resource may demand a stack walk to verify that all functions in the call chain have permission to access the system resource
Functions can choose to modify the stack walk, and there are a few mechanisms to do this:
LinkDemand (checked only against the immediate caller at JIT time; no walk of the full stack)
Assert
Deny
PermitOnly
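An added example (not from the deck) showing a FileIOPermission demand walking the stack and how Assert, Deny and PermitOnly change its outcome. The C:\secret\ path is a hypothetical resource name used only to construct the permission; nothing on disk is touched.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example, not from the original deck. The path below is a hypothetical
// resource name used only to build a FileIOPermission; nothing is read from disk.
static class StackWalkDemo
{
    // Permission that the protected resource demands of every caller on the stack.
    static readonly FileIOPermission SecretRead =
        new FileIOPermission(FileIOPermissionAccess.Read, @"C:\secret\");

    // Stands in for a protected resource: Demand() starts a full stack walk.
    static string ReadProtectedResource()
    {
        SecretRead.Demand();   // SecurityException if any frame below lacks the permission
        return "secret contents";
    }

    // Reports whether the demand succeeds from the current call stack.
    static bool TryRead()
    {
        try { ReadProtectedResource(); return true; }
        catch (SecurityException) { return false; }
    }

    // Deny: the walk fails when it reaches this frame, even though the assembly
    // itself is fully trusted. Use it around calls into code you distrust.
    static bool ReadUnderDeny()
    {
        SecretRead.Deny();
        try { return TryRead(); }
        finally { CodeAccessPermission.RevertDeny(); }
    }

    // PermitOnly: frames above this one may satisfy demands only for the listed
    // permission, so a demand for anything else (here UnmanagedCode) fails.
    static bool DemandUnmanagedUnderPermitOnly()
    {
        new SecurityPermission(SecurityPermissionFlag.Execution).PermitOnly();
        try
        {
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
            return true;
        }
        catch (SecurityException) { return false; }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    // Assert: the walk stops at the asserting frame and callers further down are
    // never checked. Here the Assert sits above a Deny, so the Deny has no effect.
    // Assert needs this assembly to hold SecretRead plus SecurityPermissionFlag.Assertion,
    // which a full-trust assembly does.
    static bool ReadUnderDenyWithAssertAbove()
    {
        SecretRead.Deny();
        try { return AssertAndRead(); }
        finally { CodeAccessPermission.RevertDeny(); }
    }

    // Separate method so the Assert and the Deny live in different stack frames.
    static bool AssertAndRead()
    {
        SecretRead.Assert();
        try { return TryRead(); }
        finally { CodeAccessPermission.RevertAssert(); }
    }

    static void Main()
    {
        Console.WriteLine("plain demand, full trust:       " + TryRead());                        // True
        Console.WriteLine("under Deny:                     " + ReadUnderDeny());                  // False
        Console.WriteLine("Deny below, Assert above:       " + ReadUnderDenyWithAssertAbove());   // True
        Console.WriteLine("UnmanagedCode under PermitOnly: " + DemandUnmanagedUnderPermitOnly()); // False
    }
}
```

Run it as a full-trust console application on .NET Framework 2.0 through 3.5 to see the four results. Deny is marked obsolete in .NET Framework 4 and CAS enforcement is absent from .NET Core and later, so this documents the 2.0 model rather than current runtimes. The third result is the caveat to remember: an Assert higher on the stack silences a Deny (or a missing grant) in any caller below it, so an Assert should wrap the smallest possible region and never be reachable with attacker-controlled arguments.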
Stack Walk
Sandboxing
Application Domains can be created to sandbox assemblies
The process for creating a sandbox has been simplified under the 2.0 framework
The API is exposed as a new overload of AppDomain.CreateDomain:
AppDomain.CreateDomain( string friendlyName, Evidence securityInfo, AppDomainSetup info,
    PermissionSet grantSet, params StrongName[] fullTrustAssemblies );
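An added example (not from the deck) of the overload above used to host code in a partial-trust domain. The Internet-zone evidence, the Execution-only grant set and the win.ini path are choices made for this example, not anything the slide prescribes.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example, not from the original deck: a host that creates a partial-trust
// AppDomain with the 2.0 CreateDomain overload and runs a type inside it. For brevity
// the sandboxed type lives in this same assembly; a real host would point
// ApplicationBase at a directory holding the untrusted assembly instead.

// Instances of this type are created inside the sandbox and called through a proxy.
public class Sandboxed : MarshalByRefObject
{
    // Attempts a file read from inside the restricted domain and reports the outcome.
    public string TryReadFile(string path)
    {
        try
        {
            File.ReadAllText(path);
            return "read ok";
        }
        catch (SecurityException)
        {
            return "denied";   // FileIOPermission was not in the grant set
        }
        catch (IOException e)
        {
            return "io error: " + e.GetType().Name;   // only reachable if the demand passed
        }
    }

    public string DomainName()
    {
        return AppDomain.CurrentDomain.FriendlyName;
    }
}

public static class SandboxHost
{
    // Grant set for the sandbox: permission to execute and nothing else, so code in
    // the domain cannot touch files, the registry, the network or unmanaged code.
    static PermissionSet ExecutionOnly()
    {
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return grant;
    }

    public static AppDomain CreateSandbox()
    {
        AppDomainSetup setup = new AppDomainSetup();
        // Assemblies resolved from here are loaded into the sandbox with the grant set.
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

        // Evidence for the domain itself; Internet zone is what a browser host would supply.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));

        // The overload from the slide: friendlyName, securityInfo, info, grantSet,
        // fullTrustAssemblies. Nothing is passed as fullTrustAssemblies, so even this
        // host assembly runs with ExecutionOnly() once loaded into the new domain.
        return AppDomain.CreateDomain("Sandbox", evidence, setup, ExecutionOnly(), new StrongName[0]);
    }

    public static void Main()
    {
        AppDomain sandbox = CreateSandbox();
        Sandboxed proxy = (Sandboxed)sandbox.CreateInstanceAndUnwrap(
            typeof(Sandboxed).Assembly.FullName, typeof(Sandboxed).FullName);

        Console.WriteLine(proxy.DomainName());                        // Sandbox
        Console.WriteLine(proxy.TryReadFile(@"C:\Windows\win.ini"));  // denied

        // The same call from the full-trust default domain succeeds (or reports an IO error).
        Console.WriteLine(new Sandboxed().TryReadFile(@"C:\Windows\win.ini"));

        AppDomain.Unload(sandbox);
    }
}
```

Compile as a console exe and run it from its build directory so ApplicationBase resolves the assembly. Passing this assembly's StrongName in fullTrustAssemblies would make it a trusted broker inside the sandbox, which is the pattern to use when the host must load and reflect over the untrusted assembly itself; and an assembly installed in the GAC is full trust inside the sandbox whatever the grant set says.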
Global Assembly Cache (GAC) Is Full-Trust
.NET 2.0 assemblies in the GAC get FullTrust no matter what the security policy says
The new GacMembershipCondition class determines whether an assembly belongs to a code group by testing its global assembly cache membership
Rather than having to know about both the full-trust list and the GAC, a framework developer now only has to install their framework in the GAC
Permissions Calculator
PermCalc replaces the PermView utility
Looks into assemblies on which the target has dependencies
Available as both a command line tool and integrated into Visual Studio
PermCalc
Debugging Enhancements
Debug in Zone: Visual Studio can create an environment to match the permissions of restricted environments
IntelliSense in Zone (Visual Basic)
Debug In Zone
FxCop
Integrated into Visual Studio
Identifies design issues and supplies information on how to fix them
Enforces the Microsoft .NET Design Guidelines
Can be used as part of the code check-in policy
FxCop
Other Managed Code Security Enhancements
Security cannot be turned off permanently
New classes:
SecureString
Contents are kept encrypted
Can be modified until set to read-only
Deleted from memory on demand
ProtectedMemory
Used to encrypt data in memory
Uses the Data Protection API available in Windows XP and later
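An added example (not from the deck) using SecureString and ProtectedMemory in C#. The "hunter2" and "api-key-00000000" values are constructed sample secrets, and SecretConsumer is a delegate defined here for the example.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original deck: holding a secret in memory with
// SecureString and ProtectedMemory, and the one place it must be decrypted to use it.
static class InMemorySecrets
{
    // Callback that receives the decrypted secret as an unmanaged Unicode buffer.
    public delegate int SecretConsumer(IntPtr ptr, int length);

    // Builds a SecureString one character at a time so the plaintext never lands in a
    // managed string (immutable, and it lingers until garbage-collected).
    public static SecureString ReadSecret(char[] typed)
    {
        SecureString s = new SecureString();
        foreach (char c in typed) s.AppendChar(c);
        Array.Clear(typed, 0, typed.Length);   // scrub the caller's buffer
        s.MakeReadOnly();                      // AppendChar/Clear now throw
        return s;
    }

    // Decrypts into unmanaged memory only long enough for the consumer to use it,
    // then zeroes and frees the copy. No managed string is ever created.
    public static int UseSecret(SecureString s, SecretConsumer consumer)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(s);
            return consumer(ptr, s.Length);
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    // ProtectedMemory encrypts a byte buffer in place with DPAPI. The length must be a
    // multiple of 16; SameProcess scope means only this process can unprotect it.
    public static byte[] ProtectInPlace(byte[] buffer)
    {
        if (buffer.Length % 16 != 0) throw new ArgumentException("length must be a multiple of 16");
        ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
        return buffer;   // now ciphertext; a memory dump shows no plaintext
    }

    public static byte[] UnprotectInPlace(byte[] buffer)
    {
        ProtectedMemory.Unprotect(buffer, MemoryProtectionScope.SameProcess);
        return buffer;
    }

    static void Main()
    {
        // Constructed sample input; real code would read characters with console echo off.
        SecureString pw = ReadSecret("hunter2".ToCharArray());
        try { pw.AppendChar('!'); }
        catch (InvalidOperationException) { Console.WriteLine("read-only"); }

        int len = UseSecret(pw, delegate(IntPtr p, int n)
        {
            // Hand p to an unmanaged logon API here; never Marshal.PtrToStringUni it.
            return n;
        });
        Console.WriteLine(len);   // 7
        pw.Dispose();             // "deleted from memory on demand"

        byte[] block = new byte[16];
        Encoding.UTF8.GetBytes("api-key-00000000", 0, 16, block, 0);   // constructed sample
        ProtectInPlace(block);
        Console.WriteLine(Encoding.UTF8.GetString(block) == "api-key-00000000");   // False
        UnprotectInPlace(block);
        Console.WriteLine(Encoding.UTF8.GetString(block) == "api-key-00000000");   // True
        Array.Clear(block, 0, block.Length);
    }
}
```

Both APIs are Windows-only and, in this form, .NET Framework-only: ProtectedMemory wraps CryptProtectMemory, so SameProcess data cannot be unprotected by another process, and SecureString is in the clear only for the lifetime of the unmanaged copy, which is why UseSecret hands out an IntPtr rather than a string. Neither defends against an attacker who can read process memory at the moment the value is decrypted; they shrink that window and keep plaintext out of managed heap dumps.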
What Else Is New In .NET 2.0 Security
Enhanced SecurityException
Increased SN key size
Transparent code
Managed ACLs
PKCS7 support
FIPS enforcement
RFC 2898 PBKDF2
Test key signing
Enhanced X509 support (via X509Certificate2)
XML Encryption
AppDomainManager/HostSecurityManager
Team Foundation Server: Check In Policies
Code Analysis
Testing
Peer Review
Unmanaged Code
Application Verifier
Integrated Code Analysis Tools
Buffer Check Switch
Safe C Runtime Library
SQL Server 2005 Enhancements
SQL Server 2005 Enhancements
Secure by Default
Password Policy
Strengthened Authentication
User-Schema Separation
Granular Permissions
Execution Context
Encryption
Catalog Security
Secure By Default
If SQL Server 2005 is installed and no options are changed, it is installed in a secure state
Access to many resources must now be explicitly granted or enabled before being used
Surface Area Configuration Tool
Surface Area Configuration Tool
Password Policy And Authentication
SQL Server 2005 can inherit the Windows password policy when hosted on Windows Server 2003
Can be enabled or disabled on a per-login basis
Logins can be enabled and disabled
Login protocol uses a stronger channel: it uses a SQL Server generated certificate
No SSL certificate loading is required
User-Schema Separation
Objects are associated with a schema instead of a user
Object naming scheme and resolution have been changed: server.database.schema.object
Users can be assigned a default schema
User-Schema Separation
Granular Permissions
Permissions can be applied to three scopes: server, database, and schema
Permissions can have one of three states: granted, revoked, and denied
New permissions added
Securable: the entities to be secured (tables, views, assemblies, servers, and others)
Grantee: the principal (login, user, or role) to which a permission is granted
Catalog security
Execution Context
EXECUTE AS CALLER (default)
EXECUTE AS 'user_name'
EXECUTE AS SELF
EXECUTE AS OWNER
EXECUTE AS
Endpoint Security
An endpoint is a point of entry into SQL Server
Endpoint transports include:
Shared Memory
Named Pipes
TCP
Virtual Interface Adapter
HTTP (Windows 2003 and XP SP2 only)
HTTP transport is not created by default
HTTP endpoints support 4 authentication types for web methods
Anonymous access is not allowed
Communications can be secured with SSL
Encryption
SQL Server now has built-in support for encryption and decryption
Keys can be secured within or external to SQL Server
Supports symmetric encryption, asymmetric encryption, encryption by passphrase, and certificates
Some More Microsoft Resources
Security eForum site: http://www.microsoft.com/australia/eforum
MSDN Security Development Centre: http://msdn.microsoft.com/security/
Security Development Centre – Writing Secure Code: http://msdn.microsoft.com/security/securecode/default.aspx
Patterns and Practices: Security Guidelines: http://msdn.microsoft.com/library/en-us/dnpag2/html/pagguidelines0003.asp
What's new in Security for v2.0: http://blogs.msdn.com/shawnfa/archive/2005/08/24/455581.aspx
What's new with Code Access Security in the .Net Framework 2.0: http://msdn.microsoft.com/msdnmag/issues/05/11/CodeAccessSecurity/default.aspx
Security Enhancements in Visual Studio 2005: http://msdn.microsoft.com/library/en-us/dnvs05/html/vs05security.asp
Repel Attacks on Your Code with Visual Studio 2005 Safe C and C++ Libraries: http://msdn.microsoft.com/msdnmag/issues/05/05/SafeCandC/
SQL Server 2005 Security: http://msdn.microsoft.com/sql/learning/security/default.aspx
Visual Studio 2005 and SQL Server 2005 Webcast: http://www.microsoft.com/events
© 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.