Code Access Security
Agenda
Goals
Evidence-Based security
Security policy
Permission classes
Role-based Security
Common Interfaces\BaseClasses
Implementing your own classes
Goals
Ensures that code can access only resources it has the right to access
Allows security policy to control the resources code has access to, based on:
Where the code comes from
Other aspects of the code's identity
Allows programmers to specify resources that their code:
Must be able to access in order to run effectively
Could optionally access
Should not be able to access
Possibilities
Secure our libraries
Defend our servers more effectively
Writing application using RBS
And more…
Evidence-Based security
Set of information about the identity and origin of an assembly
Used by the .Net Framework security system at load time to determine the permissions an assembly receives
Evidence includes things such as Strong-Name, Signature, Code Location, Zone and can also be custom-defined
Security policy
Storage of the security permissions
Policy levels: enterprise, machine, user
Each level consists of a collection of hierarchical code groups, and each code group has a set of permissions (file system, registry, environment variables etc.)
The final permission set is the union of the matching code groups within a level and the intersection across levels
Policy walkthrough (slide diagrams; only the tables they contained are recoverable). Code groups of the calculated level and the permission set each one grants:
All Code: Nothing
Zone=My Computer: Full trust
Zone=Local Intranet: IO Permission
SN=0xD1…: Full trust
Hash=01…: Events Permission
Hash=04…: UI Permission
Hash=00…: Events Permission
Three sample assemblies are evaluated against this hierarchy, the grants of all matching groups being unioned:
C:\foo.dll with SN=0x00.. and Hash=00..
http://www with SN=0xD1.. and Hash=00..
C:\foo.dll with SN=0xD1.. and Hash=01..
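The walkthrough above in code, as an added example that is not part of the deck: the code groups and their permission sets are constructed to mirror the table, and it assumes the .NET Framework System.Security.Permissions classes (CAS policy resolution, not .NET Core).

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example: policy levels from the walkthrough, built from constructed permission sets.
static class PolicyWalkthrough
{
    // Within one level every matching code group contributes; the grants are unioned.
    static PermissionSet ResolveLevel(params PermissionSet[] matchingGroups)
    {
        var result = new PermissionSet(PermissionState.None);
        foreach (var grant in matchingGroups) result = result.Union(grant);
        return result;
    }

    // Across levels the grants are intersected, so a single level can only remove rights.
    static PermissionSet ResolvePolicy(params PermissionSet[] levels)
    {
        var result = new PermissionSet(PermissionState.Unrestricted);
        foreach (var level in levels)
            result = result.Intersect(level) ?? new PermissionSet(PermissionState.None);
        return result;
    }

    static void Main()
    {
        var nothing = new PermissionSet(PermissionState.None);
        var fullTrust = new PermissionSet(PermissionState.Unrestricted);
        var ioPermission = new PermissionSet(PermissionState.None);
        ioPermission.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.Write, @"C:\Temp"));
        var uiPermission = new PermissionSet(PermissionState.None);
        uiPermission.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows));

        // Machine level for an intranet assembly whose hash matches the "UI Permission" group:
        // All Code -> Nothing, Zone=Local Intranet -> IO Permission, Hash=04... -> UI Permission.
        PermissionSet machine = ResolveLevel(nothing, ioPermission, uiPermission);
        // Enterprise and user levels are left at their default of All Code -> Full trust.
        PermissionSet granted = ResolvePolicy(fullTrust, machine, fullTrust);
        Console.WriteLine(granted.ToXml());

        // A demand a library would make before writing under C:\Temp is covered by the grant...
        var write = new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Temp\out.txt");
        Console.WriteLine("write C:\\Temp\\out.txt: " + write.IsSubsetOf(granted.GetPermission(typeof(FileIOPermission))));
        // ...while a registry read is not, because no matching code group granted it.
        var read = new RegistryPermission(RegistryPermissionAccess.Read, @"HKEY_LOCAL_MACHINE\SOFTWARE");
        IPermission registryGrant = granted.GetPermission(typeof(RegistryPermission));
        Console.WriteLine("read HKLM\\SOFTWARE: " + (registryGrant != null && read.IsSubsetOf(registryGrant)));
    }
}
```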
Permissions
Permissions represent the right to interact with a given resource
Examples:
FileIO
Registry
Environment
Socket
Reflection
Directory Services
Printing
SQLClient
Message Queue
Event Log
DNS
And more…
Declarative Demands
Specify security check using attributes
Permission state must be known at compile time
Can be viewed with PermView SDK Tool or Ildasm
[FileIOPermission(SecurityAction.Demand, Write = @"C:\Temp")]
private void TryToCreateAFile()
{
    // create a file
}
SecurityAction Enum
Demand – All callers higher in the call stack are required to have been granted the permission specified by the current permission object
LinkDemand – The immediate caller is required to have been granted the specified permission
Assert – The calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource
And More…
Imperative Demands
private void foo(string FilePath, string FileName)
{
    // The path is only known at run time, so the demand is constructed imperatively
    FileIOPermission filePerm = new FileIOPermission(FileIOPermissionAccess.Write, FilePath);
    filePerm.Demand();
    // rest of the method
}
Allows security checks to vary by control flow or method state
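The two styles of demand side by side, plus PermitOnly from the CodeAccessPermission base class, as an added example that is not part of the deck. It assumes the .NET Framework, that C:\Temp exists, and constructed file names.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
class DemandExamples
{
    // Declarative: the check is fixed at compile time and visible in metadata (PermView/Ildasm).
    // The file names under C:\Temp are constructed for this example.
    [FileIOPermission(SecurityAction.Demand, Write = @"C:\Temp")]
    static void WriteFixedLocation(string contents)
    {
        File.WriteAllText(@"C:\Temp\declarative.txt", contents);
    }

    // Imperative: the path is only known at run time, so the demand is built from it.
    static void WriteAnywhere(string path, string contents)
    {
        string full = Path.GetFullPath(path);   // FileIOPermission requires an absolute path
        new FileIOPermission(FileIOPermissionAccess.Write, full).Demand();
        File.WriteAllText(full, contents);
    }

    // PermitOnly narrows this frame and everything it calls: the stack walk stops here and any demand not covered fails.
    static void WriteWithLeastPrivilege(string path, string contents)
    {
        new FileIOPermission(FileIOPermissionAccess.Write, @"C:\Temp").PermitOnly();
        try
        {
            WriteAnywhere(path, contents);
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();   // always undo stack-walk modifiers
        }
    }

    static void Main()
    {
        WriteFixedLocation("ok");
        WriteWithLeastPrivilege(@"C:\Temp\inside.txt", "ok");
        try
        {
            WriteWithLeastPrivilege(@"C:\Windows\Temp\outside.txt", "blocked");
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("Blocked by PermitOnly: " + ex.Message);
        }
    }
}
```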
Role-based security
Role-Based security allows access to code and resources based on:
The user’s Identity
The roles or groups to which the user belongs
Role-Based security is based on the Principal and Identity classes
Role-based security
Identity information typically consists of the user name and the roles associated with the user
In the .Net Framework, the identity encapsulates the user's login name and the principal encapsulates the user's role membership information
The .Net Framework supplies identity and principal classes for Microsoft Windows user and group information, and also allows custom identity and principal classes
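Identity and principal in use, as an added example that is not part of the deck: a GenericIdentity/GenericPrincipal pair is installed on the thread and checked with declarative and imperative PrincipalPermission demands. User names, roles and the approval rule are constructed; it assumes the .NET Framework.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added example: identity (who the user is) and principal (which roles), checked with PrincipalPermission.
// User names and roles are constructed for the example.
class RoleBasedDemo
{
    // Declarative: only members of "Auditors" may call; the identity is not constrained.
    [PrincipalPermission(SecurityAction.Demand, Role = "Auditors")]
    static string ReadAuditLog() { return "audit entries"; }

    // Imperative: demand a role, then apply a finer rule that depends on method state.
    static void ApproveTransfer(decimal amount)
    {
        new PrincipalPermission(null, "Approvers").Demand();   // null name: any authenticated user
        IPrincipal principal = Thread.CurrentPrincipal;
        if (amount > 10000m && !principal.IsInRole("Managers"))
            throw new SecurityException("Amounts above 10000 require the Managers role.");
        Console.WriteLine(principal.Identity.Name + " approved " + amount);
    }

    // GenericIdentity carries the login name; GenericPrincipal adds the role membership.
    // Windows accounts would use WindowsIdentity/WindowsPrincipal instead.
    static void RunAs(string user, string[] roles, Action action)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        try { action(); }
        catch (SecurityException ex) { Console.WriteLine(user + " denied: " + ex.Message); }
        finally { Thread.CurrentPrincipal = previous; }
    }

    static void Main()
    {
        string[] alice = { "Auditors", "Approvers" };
        RunAs("alice", alice, () => Console.WriteLine(ReadAuditLog()));   // allowed
        RunAs("alice", alice, () => ApproveTransfer(500m));               // allowed
        RunAs("alice", alice, () => ApproveTransfer(50000m));             // denied: not a Manager
        RunAs("bob", new[] { "Clerks" }, () => Console.WriteLine(ReadAuditLog()));   // denied
    }
}
```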
Common Interfaces\BaseClasses
ISecurityEncodable: FromXml, ToXml (SecurityElement)
IPermission: Copy, Demand, Intersect, IsSubsetOf, Union
IUnrestrictedPermission: IsUnrestricted
CodeAccessPermission as base class: PermitOnly, Deny, RevertXXX
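A minimal custom permission implementing the members listed above, as an added example that is not part of the deck. The "channel" resource it guards is hypothetical, and it assumes the .NET Framework CodeAccessPermission base class, which supplies Demand, PermitOnly and Deny on top of the set algebra written here.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Permissions;
public sealed class ChannelPermission : CodeAccessPermission, IUnrestrictedPermission   // hypothetical resource
{
    bool unrestricted;
    readonly HashSet<string> channels = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    public ChannelPermission(PermissionState state) { unrestricted = state == PermissionState.Unrestricted; }
    ChannelPermission(bool unr, IEnumerable<string> names) { unrestricted = unr; channels.UnionWith(names); }
    public bool IsUnrestricted() { return unrestricted; }
    public override IPermission Copy() { return new ChannelPermission(unrestricted, channels); }
    // Demand succeeds only if the demanded permission IsSubsetOf every caller's grant.
    public override bool IsSubsetOf(IPermission target)
    {
        var t = target as ChannelPermission;
        return t == null ? !unrestricted && channels.Count == 0 : t.unrestricted || (!unrestricted && channels.IsSubsetOf(t.channels));
    }
    // Policy intersects grants between levels and unions them within a level.
    public override IPermission Intersect(IPermission target)
    {
        var t = target as ChannelPermission;
        if (t == null) return null;
        if (unrestricted || t.unrestricted) return unrestricted ? t.Copy() : Copy();
        return new ChannelPermission(false, channels.Intersect(t.channels));
    }
    public override IPermission Union(IPermission target)
    {
        var t = target as ChannelPermission;
        if (t == null) return Copy();
        if (unrestricted || t.unrestricted) return new ChannelPermission(PermissionState.Unrestricted);
        return new ChannelPermission(false, channels.Union(t.channels));
    }
    // ISecurityEncodable: policy files persist permissions as SecurityElement XML.
    public override SecurityElement ToXml()
    {
        var e = new SecurityElement("IPermission");
        e.AddAttribute("class", GetType().AssemblyQualifiedName.Replace('"', '\''));
        e.AddAttribute("version", "1");
        e.AddAttribute(unrestricted ? "Unrestricted" : "Channels", unrestricted ? "true" : string.Join(",", channels));
        return e;
    }
    public override void FromXml(SecurityElement e)
    {
        unrestricted = "true".Equals(e.Attribute("Unrestricted"), StringComparison.OrdinalIgnoreCase);
        channels.Clear();
        if (!unrestricted && e.Attribute("Channels") != null) channels.UnionWith(e.Attribute("Channels").Split(','));
    }
}
```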