Sandboxing in .NET CLR
TRANSCRIPT
Mikhail Shcherbakov
July 05, 2015
Sandboxing in .NET CLR
Mikhail Shcherbakov
IT Global Meetup #6
IntelliEgg
About me
Creator of IntelliDebugger project
Coordinator of SPB .NET Community
Former Product manager and Team lead at Cezurity, Positive Technologies, Acronis, Luxoft, Boeing
Sandboxing is the base of security
Development of extensible and security-sensitive applications
Troubleshooting and knowledge about the internals
Knowledge in Practice
ASP.NET / IIS, Silverlight, SQL CLR, XBAP, ClickOnce, Sharepoint
Security Architecture
Application Domains
The verification process
Just-in-time verification
Code Access Security
Policy
deprecated in .NET Framework 4
Permissions
Enforcement
Fully Trusted code in Partially Trusted AppDomain
Transparency Model
Level 2 Security Transparency
Critical: Full Trust code that can do anything
Safe Critical: Full Trust code; provides access to Critical code
Transparent: Only verifiable code; cannot p/invoke; cannot elevate/assert
Security Transparency Attributes
Assembly Level
Type Level
Member Level
SecurityTransparent, SecuritySafeCritical, SecurityCritical, AllowPartiallyTrustedCallers
SecAnnotate.exe – .NET Security Annotator Tool http://bit.ly/1A3vMw3
Stack walking
Sandbox implementation
ASP.NET Partial Trust applications
Use Medium trust in shared hosting environments bit.ly/1yABGqf (August 2005)
For Web servers that are Internet-facing, Medium trust is recommended bit.ly/1z83LVV (July 2008)
ASP.NET Partial Trust does not guarantee application isolation bit.ly/1CRv3Ux (June 2012)
ASP.NET Security and the Importance of KB2698981 in Cloud Environments bit.ly/1vXJ50J (April 2013)
“The official position of the ASP.NET team is that Medium Trust is obsolete” - Levi Broderick, security developer at Microsoft bit.ly/1If14Gv (June 2013)
ASP.NET MVC 5 no longer supports partial trust bit.ly/1w0xxuX (October 2013)
Trusted Chain Attack
DynamicMethod class
MS13-015 vulnerability Could Allow Elevation of Privilege (KB2800277)
Luring Attack
MS02-061 “Elevation of Privilege in SQL Server Web Tasks”
Exception Filter Attack
Summary
Sandboxing:
Exploring the .NET Framework 4 Security Model bit.ly/1zBHDl7
New Security Model: Moving to a Better Sandbox bit.ly/1qdLTYf
How to Test for Luring Vulnerabilities bit.ly/1G5asdG
Using SecAnnotate to Analyze Your Assemblies for Transparency Violations bit.ly/12AtGZF
.NET Security:
OWASP Top 10 for .NET developers bit.ly/1mpvG9R
OWASP .NET Project bit.ly/1vCfknm
Troy Hunt blog www.troyhunt.com
The WASC Threat Classification v2.0 bit.ly/1G5d8rM
Thank you for your attention!
Mikhail Shcherbakov
spbdotnet.org
linkedin.com/in/mikhailshcherbakov
github.com/yuske
@yu5k3
IntelliEgg