Creating Secure Applications



2. Creating Reliable And Robust Applications With Visual Studio 2005 And SQL Server 2005
   Andrew Coates, Developer Evangelist, Microsoft Australia

3. Agenda
   - Introduction
   - Enhancements for secure application development with Visual Studio 2005
   - Security enhancements in SQL Server 2005

4. Introduction: Security Today
   - More mission-critical systems
   - More IT assets exposed via the Internet
     - More ways to connect (more threat paths)
     - Everything is becoming connected
   - Increased complexity and functionality lead to increased vulnerabilities
   - Software must do more to protect on the security front
     - Major effort to enhance security capability and features in Visual Studio 2005 and SQL Server 2005
5. Visual Studio 2005 and .NET 2.0 Enhancements

6. Managed Code
   - Designed to run under less privileged accounts
   - Improved Code Access Security
   - Permissions Calculator
   - Debug in Zone
   - IntelliSense in Zone (Visual Basic .NET)
   - FxCop

7. Develop Under a Less Privileged Account
   - Developing under a least-privileged account is good practice
     - Users will not run your application as an administrator
     - When developing as admin you may be unaware that non-admin accounts don't have access to resources that you can access
   - Visual Studio 2005 runs much better under a non-administrative account than previous versions

8. Security Principles to Live By: Practical Least Privilege
   - Elevate as necessary
     - RunAs
     - MakeMeAdmin
     - Fast User Switching
     - Terminal Services / Remote Desktop
   - Vista/Longhorn LUA
     - http://
   - Add granular permissions
   - SQL Server 2005
     - Granular permissions
     - Security execution context
     - DDL triggers
   - Code Access Security is easier with VS 2005
     - Permission Calculator
     - IntelliSense in Zone, Debugging in Zone

9. Code Access Security
   - Applies security to assembly identity
   - Allows restriction of the actions an assembly can perform
   - Predefined permission sets are available to sandbox low-trust code
   - Visual Studio 2005 allows the developer to select a target permission set
10. Code Access Security (CAS)
   - Code access security is a mechanism that helps limit the access code has to protected resources and operations. It has the following functions:
     - Defines permissions and permission sets that represent the right to access various system resources
     - Enables administrators to configure security policy
     - Enables code to request the permissions it requires in order to run, and to specify which permissions the code must never have
     - Grants permissions to each assembly that is loaded, based on the permissions requested and on the operations permitted by security policy
     - Enables code to demand that its callers have specific permissions
     - Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code
     - Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have

11. Code Access Security (diagram: Evidence, Policy, Permissions)

12. Stack Walk
   - Essential part of the security system
   - Protects against unauthorized access to protected resources
   - Before allowing an assembly access, the protected resource may demand a stack walk to verify that every function in the call chain has permission to access the system resource
   - Functions can choose to modify the stack walk, and there are a few mechanisms to do this:
     - LinkDemands
     - Assert
     - Deny
     - PermitOnly
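The demand and the stack-walk modifiers from the slides above, as an added C# example; it is not code from the deck. It is written for the .NET Framework 2.0 to 3.5 CAS model (CAS policy enforcement is switched off from .NET 4.0 onward), and the file path is a constructed placeholder that is checked but never opened.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example: a Demand that triggers a stack walk, plus the PermitOnly and
// Assert modifiers listed on the slide. Targets the .NET Framework 2.0-3.5 CAS model.
static class StackWalkDemo
{
    // Constructed placeholder path; only the permission is checked, the file is not read.
    const string ProtectedPath = @"C:\example\secrets.txt";

    // A resource method. Demand() walks every frame on the call stack; a frame whose
    // grant set lacks the permission, or that carries a PermitOnly/Deny excluding it,
    // makes the walk throw SecurityException.
    static void ReadProtectedResource()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, ProtectedPath).Demand();
        Console.WriteLine("demand satisfied; the file would be read here");
    }

    // PermitOnly narrows this frame to Execution only. The FileIOPermission demand made
    // further down the stack then fails at this frame even though the assembly itself is
    // fully trusted. The exception is returned so it can be inspected after the revert.
    public static SecurityException CallWithPermitOnly()
    {
        PermissionSet onlyExecute = new PermissionSet(PermissionState.None);
        onlyExecute.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        onlyExecute.PermitOnly();
        try
        {
            ReadProtectedResource();
            return null;
        }
        catch (SecurityException ex)
        {
            return ex;
        }
        finally
        {
            // Always revert, otherwise the restriction stays on this frame for later code.
            CodeAccessPermission.RevertPermitOnly();
        }
    }

    // Assert stops the walk at this frame: callers above it are not checked. That is what
    // makes Assert the dangerous modifier; it only works when this assembly itself holds
    // the asserted permission (and SecurityPermissionFlag.Assertion), and it should wrap
    // the smallest possible region.
    public static bool CallWithAssert()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, ProtectedPath).Assert();
        try
        {
            ReadProtectedResource();
            return true;
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }

    static void Main()
    {
        SecurityException blocked = CallWithPermitOnly();
        if (blocked != null)
        {
            // The .NET 2.0 SecurityException records what failed and where. These getters
            // demand ControlEvidence and ControlPolicy, so read them only after the
            // PermitOnly has been reverted.
            Console.WriteLine("PermitOnly blocked: {0}", blocked.FirstPermissionThatFailed);
            Console.WriteLine("in method: {0}", blocked.Method);
        }
        Console.WriteLine("Assert path succeeded: {0}", CallWithAssert());
    }
}
```

Deny behaves like PermitOnly but subtractively (it removes the named permissions from this frame onward), and a LinkDemand is evaluated once at JIT time against the immediate caller only, so it never walks the stack and gives no protection against an untrusted caller that sits two frames away.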
13. Stack Walk (diagram)

14. Stack Walk example (diagram): P.Demand() triggers a stack walk for permission P across Assembly A, Assembly B, Assembly C and Assembly D, each of which carries its own PermissionSet.

15. Sandboxing
   - Application Domains can be created to sandbox assemblies
   - The process for creating a sandbox has been simplified in the 2.0 framework
   - The API is exposed as a new overload of AppDomain.CreateDomain:

     AppDomain.CreateDomain(
         string friendlyName,
         Evidence securityInfo,
         AppDomainSetup info,
         PermissionSet grantSet,
         params StrongName[] fullTrustAssemblies);

16. Application Domain Creation (demo)
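The CreateDomain overload from the Sandboxing slide in use, as an added C# example that is not part of the deck. The worker type, the sandbox name and the file path are constructed for the example; it targets the .NET Framework 2.0 to 3.5 CAS model.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example (not from the deck): create a sandboxed AppDomain with the .NET 2.0
// CreateDomain overload shown on the slide and run code in it with Execution only.

// The type that runs inside the sandbox. It derives from MarshalByRefObject so the
// host talks to it through a proxy instead of copying it back into the host domain.
public class SandboxedWorker : MarshalByRefObject
{
    // Attempts a file read. The sandbox grant set has no FileIOPermission, so the
    // stack walk raised by File.ReadAllText fails inside this domain.
    public string TryReadFile(string path)
    {
        try
        {
            return "read " + File.ReadAllText(path).Length + " chars";
        }
        catch (SecurityException ex)
        {
            // Message is readable from partial trust; the richer members such as
            // GrantedSet and FirstPermissionThatFailed demand ControlEvidence/ControlPolicy.
            return "denied: " + ex.Message;
        }
    }
}

public static class SandboxHost
{
    public static AppDomain CreateSandbox()
    {
        // Grant set: Execution only. Anything beyond that must be added deliberately.
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // ApplicationBase must point at the directory holding the assemblies the sandbox
        // will load; pointing it elsewhere yields FileNotFoundException rather than a
        // security error, which is a common source of confusion.
        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

        // Evidence records where the code is considered to come from. With an explicit
        // grant set it is not used to resolve policy, but hosts can still inspect it.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));

        // No fullTrustAssemblies are passed. If this assembly were listed there, the
        // worker would run fully trusted and the read would succeed, defeating the sandbox.
        return AppDomain.CreateDomain("Sandbox", evidence, setup, grant);
    }

    public static string RunInSandbox(string path)
    {
        AppDomain sandbox = CreateSandbox();
        try
        {
            SandboxedWorker worker = (SandboxedWorker)sandbox.CreateInstanceAndUnwrap(
                typeof(SandboxedWorker).Assembly.FullName,
                typeof(SandboxedWorker).FullName);
            return worker.TryReadFile(path);
        }
        finally
        {
            // Unloading the domain discards everything the sandboxed code loaded.
            AppDomain.Unload(sandbox);
        }
    }

    static void Main()
    {
        // Constructed placeholder path.
        Console.WriteLine(RunInSandbox(@"C:\example\secrets.txt"));
    }
}
```

The usual production shape keeps the untrusted code in a separate assembly and lists only the host's own assembly in fullTrustAssemblies; the single-file version above leaves everything partially trusted inside the sandbox so the denial is visible.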
17. Security Transparent Code
   - Transparent code makes no asserts or demands
   - On a stack walk, transparent code has the lesser of its assigned permission set and the permission set of its caller
   - FxCop includes rules to ensure transparency is being used correctly

18. Global Assembly Cache (GAC) Is Full-Trust
   - .NET 2.0 assemblies in the GAC get FullTrust no matter what the security policy says
   - The new GacMembershipCondition class determines whether an assembly belongs to a code group by testing its global assembly cache membership
   - Rather than having to know about both the full-trust list and the GAC, a framework developer now only has to install their framework in the GAC

19. Increased Strong Name (SN) Key Size
   - SN can generate keys of different sizes; the -k flag takes a key size as its first parameter
   - If the key size is not specified, it defaults to 1024 bits, the same as the v1.0 and v1.1 versions of SN produce
   - Not all key sizes are valid for an RSA key; an invalid size fails:

     sn -k 2708 invalidKey.snk
     Failed to generate a strong name key pair -- Invalid flags specified

     sn -k 2048 largekey.snk

20. Permissions Calculator
   - PermCalc replaces the PermView utility
   - Looks into the assemblies on which the target has dependencies
   - Available both as a command-line tool and integrated into Visual Studio

21. PermCalc (demo)

22. Debugging Enhancements
   - Debug in Zone: Visual Studio can create an environment that matches the permissions of restricted environments
   - IntelliSense in Zone (Visual Basic)

23. Debug In Zone (demo)

24. Debug and IntelliSense In Zone (demo)

25. FxCop
   - Integrated into Visual Studio
   - Identifies design issues and supplies information on how to fix them
   - Enforces the Microsoft .NET Design Guidelines
   - Can be used as part of the code check-in policy

26. FxCop (demo)

27. Other Managed Code Security Enhancements
   - Security cannot be turned off permanently
   - New classes
     - SecureString
       - Contents are kept encrypted
       - Can be modified until set to read-only
       - Deleted from memory on demand
     - ProtectedMemory
       - Used to encrypt data in memory
       - Uses the Data Protection API available in Windows XP and later
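SecureString and ProtectedMemory from the slide above, as an added C# example that is not part of the deck. The sample secret and key material are constructed for the example; ProtectedMemory lives in System.Security.dll and, as the slide notes, needs Windows XP or later because it relies on DPAPI.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the deck): the two .NET 2.0 in-memory secret classes.
static class InMemorySecrets
{
    // Build a SecureString from a char[] and wipe the array afterwards, so the secret
    // never exists as an immutable System.String that the GC may copy around.
    public static SecureString FromChars(char[] chars)
    {
        SecureString secret = new SecureString();
        try
        {
            foreach (char c in chars) secret.AppendChar(c);
        }
        finally
        {
            Array.Clear(chars, 0, chars.Length);
        }
        secret.MakeReadOnly(); // AppendChar/RemoveAt now throw InvalidOperationException
        return secret;
    }

    // Handing the secret to an API that needs a native string: decrypt into a BSTR,
    // use it, then zero and free it. The "use" here is reading the BSTR's 4-byte
    // length prefix, which sits immediately before the character data.
    public static int LengthViaBstr(SecureString secret)
    {
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(secret);
            return Marshal.ReadInt32(bstr, -4) / sizeof(char); // byte length -> char count
        }
        finally
        {
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);
        }
    }

    // ProtectedMemory encrypts a buffer in place and requires the length to be a
    // multiple of 16 bytes (otherwise CryptographicException). Copy the input into a
    // padded buffer, wipe the original, and protect the copy.
    public static byte[] ProtectCopy(byte[] plaintext, out int originalLength)
    {
        originalLength = plaintext.Length;
        byte[] buffer = new byte[(plaintext.Length + 15) / 16 * 16];
        Array.Copy(plaintext, buffer, plaintext.Length);
        Array.Clear(plaintext, 0, plaintext.Length);
        ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
        return buffer;
    }

    // Decrypt in place, copy out the original bytes, and re-protect the buffer so the
    // plaintext window is as short as possible.
    public static byte[] Reveal(byte[] buffer, int originalLength)
    {
        ProtectedMemory.Unprotect(buffer, MemoryProtectionScope.SameProcess);
        try
        {
            byte[] result = new byte[originalLength];
            Array.Copy(buffer, result, originalLength);
            return result;
        }
        finally
        {
            ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
        }
    }

    static void Main()
    {
        // Constructed sample secret.
        using (SecureString s = FromChars("constructed-sample".ToCharArray()))
            Console.WriteLine("SecureString holds {0} chars", LengthViaBstr(s));

        int len;
        byte[] protectedBuf = ProtectCopy(Encoding.UTF8.GetBytes("constructed key material"), out len);
        Console.WriteLine("protected buffer: {0} bytes of ciphertext in memory", protectedBuf.Length);
        byte[] back = Reveal(protectedBuf, len);
        Console.WriteLine("revealed: {0}", Encoding.UTF8.GetString(back));
        Array.Clear(back, 0, back.Length);
    }
}
```

SameProcess scope means only this process can unprotect the buffer; the other MemoryProtectionScope values (CrossProcess, SameLogon) widen that to other processes of the same user, which is rarely what an application secret needs.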
28. What Else Is New In .NET 2.0 Security
   - Enhanced SecurityException
   - Increased SN key size
   - Transparent code
   - Managed ACLs
   - PKCS7 support
   - FIPS enforcement
   - RFC 2898 PBKDF2
   - Test key signing
   - Enhanced X509 support (via X509Certificate2)
   - XML Encryption
   - AppDomainManager/HostSecurityManager
29. Team Foundation Server Check-In Policies
   - Code analysis
   - Testing
   - Peer review

30. TFS Check-In Policies (demo)

31. Unmanaged Code
   - Application Verifier
   - Integrated code analysis tools
   - Buffer check switch
   - Safe C Runtime Library

32. SQL Server 2005 Enhancements

33. SQL Server 2005 Enhancements
   - Secure by default
   - Password policy
   - Strengthened authentication
   - User-schema separation
   - Granular permissions
   - Execution context
   - Encryption
   - Catalog security

34. Secure By Default
   - If SQL Server 2005 is installed and no options are changed, it is installed in a secure state
   - Access to many resources must now be explicitly granted or enabled before being used
   - Surface Area Configuration Tool

35. Surface Area Configuration Tool (demo)

36. Password Policy And Authentication
   - SQL Server 2005 can inherit the Windows password policy when hosted on Windows 2003
   - Can be enabled or disabled on a per-login basis
   - Logins can be enabled and disabled
   - The login protocol uses a stronger channel
     - Uses a SQL Server generated certificate
     - No SSL certificate loading is required

37. User-Schema Separation
   - Objects are associated with a schema instead of a user
   - Object naming scheme and resolution have been changed
     - server.database.schema.object
   - Users can be assigned a default schema

38. User-Schema Separation (demo)

39. Granular Permissions
   - Permissions can be applied at three scopes: server, database and schema
   - Permissions can have one of three states: granted, revoked and denied
   - New permissions added
   - Securable: entities to be secured (tables, views, assemblies, servers and others)
   - Grantee: server-level permission
   - Catalog security

40. Execution Context
   - EXECUTE AS CALLER (default)
   - EXECUTE AS 'USER'
   - EXECUTE AS SELF
   - EXECUTE AS OWNER

41. Execute AS (demo)
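The Password Policy, User-Schema Separation, Granular Permissions and Execution Context slides above combined into one provisioning-and-use sequence driven from ADO.NET, as an added C# example that is not the deck's code. The database name, login and user names, schema, table and procedure names and both connection strings are placeholders; the setup batches must run as a sysadmin or db_owner.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example (not from the deck): provision a policy-checked login, a user with a
// default schema, schema-scoped DENY plus object-scoped GRANT, and a procedure that runs
// WITH EXECUTE AS OWNER, then exercise them as the restricted login.
static class ExecutionContextDemo
{
    const string AdminConn = "Server=(local);Database=AppDb;Integrated Security=SSPI";
    const string AppConn = "Server=(local);Database=AppDb;User ID=app_login;Password=<placeholder>";

    // CREATE SCHEMA and CREATE PROCEDURE must each be the only statement in their batch,
    // and SqlCommand does not understand GO, so the script is an array of batches.
    static readonly string[] SetupBatches = {
        "CREATE SCHEMA Sales AUTHORIZATION dbo;",
        "CREATE TABLE Sales.Orders (OrderId int IDENTITY PRIMARY KEY, " +
        "Customer nvarchar(128) NOT NULL, Amount money NOT NULL);",
        // Password policy: complexity and expiry come from Windows (Server 2003 and later).
        "CREATE LOGIN app_login WITH PASSWORD = N'<placeholder>', CHECK_POLICY = ON, CHECK_EXPIRATION = ON;",
        // User-schema separation: this user's unqualified names resolve in Sales, not dbo.
        "CREATE USER app_user FOR LOGIN app_login WITH DEFAULT_SCHEMA = Sales;",
        // Execution context: the body runs as the procedure's owner (dbo), so the caller
        // needs no rights on Sales.Orders. Unlike ownership chaining this also covers
        // statements such as dynamic SQL inside the procedure.
        "CREATE PROCEDURE Sales.AddOrder @Customer nvarchar(128), @Amount money " +
        "WITH EXECUTE AS OWNER AS " +
        "INSERT INTO Sales.Orders (Customer, Amount) VALUES (@Customer, @Amount);",
        // Granular permissions: deny DML on the whole schema, grant EXECUTE on one object.
        "DENY SELECT, INSERT, UPDATE, DELETE ON SCHEMA::Sales TO app_user;",
        "GRANT EXECUTE ON OBJECT::Sales.AddOrder TO app_user;"
    };

    public static void Provision()
    {
        using (SqlConnection conn = new SqlConnection(AdminConn))
        {
            conn.Open();
            foreach (string batch in SetupBatches)
                using (SqlCommand cmd = new SqlCommand(batch, conn))
                    cmd.ExecuteNonQuery();
        }
    }

    // A direct INSERT as the app login fails with error 229 (permission denied).
    public static bool TryDirectInsert(string customer, decimal amount)
    {
        using (SqlConnection conn = new SqlConnection(AppConn))
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO Sales.Orders (Customer, Amount) VALUES (@c, @a);", conn))
        {
            cmd.Parameters.Add("@c", SqlDbType.NVarChar, 128).Value = customer;
            cmd.Parameters.Add("@a", SqlDbType.Money).Value = amount;
            conn.Open();
            try
            {
                cmd.ExecuteNonQuery();
                return true;
            }
            catch (SqlException ex)
            {
                if (ex.Number != 229) throw; // anything but "permission denied" is unexpected
                return false;
            }
        }
    }

    // The same insert through the procedure succeeds: EXECUTE is granted and the body
    // runs in the owner's context. Returns the rows-affected count (1).
    public static int AddOrderViaProcedure(string customer, decimal amount)
    {
        using (SqlConnection conn = new SqlConnection(AppConn))
        using (SqlCommand cmd = new SqlCommand("Sales.AddOrder", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@Customer", SqlDbType.NVarChar, 128).Value = customer;
            cmd.Parameters.Add("@Amount", SqlDbType.Money).Value = amount;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        Provision();
        Console.WriteLine("direct insert allowed: {0}", TryDirectInsert("Constructed Customer", 10m));
        Console.WriteLine("rows via procedure:    {0}", AddOrderViaProcedure("Constructed Customer", 10m));
    }
}
```

Every query is parameterized, which is what makes EXECUTE AS OWNER safe to use: a procedure that runs as dbo and concatenates caller input into dynamic SQL would hand the caller dbo's rights.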
42. Endpoint Security
   - An endpoint is a point of entry into SQL Server
   - Endpoint transports include
     - Shared Memory
     - Named Pipes
     - TCP
     - Virtual Interface Adapter
     - HTTP (Windows 2003 and XP SP2 only)
   - The HTTP transport is not created by default
   - HTTP endpoints support 4 authentication types for web methods
   - Anonymous access is not allowed
   - Communications can be secured with SSL

43. Encryption
   - SQL Server now has built-in support for encryption and decryption
   - Keys can be secured within or external to SQL Server
   - Supports symmetric encryption, asymmetric encryption, encryption by passphrase, and certificates

44. Encryption (demo)
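The built-in encryption from the slide above, as an added C# example that is not the deck's code: a database master key protects a certificate, the certificate protects an AES symmetric key, and the key encrypts one column through ADO.NET. Key, certificate, table and column names, the master key password and the connection string are placeholders; the setup batches must run as db_owner. EncryptByPassPhrase is the lighter alternative the slide lists when no key hierarchy is wanted.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example (not from the deck): column encryption with the SQL Server 2005 key
// hierarchy (master key -> certificate -> symmetric key), driven from ADO.NET.
static class ColumnEncryptionDemo
{
    const string Conn = "Server=(local);Database=AppDb;Integrated Security=SSPI";

    static readonly string[] SetupBatches = {
        // The master key is also protected by the service master key, so the password
        // is only needed when the key is backed up or restored on another server.
        "CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<placeholder-strong-password>';",
        "CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the CardKey symmetric key';",
        "CREATE SYMMETRIC KEY CardKey WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE CardCert;",
        "CREATE TABLE dbo.Cards (Customer nvarchar(128) NOT NULL, CardRef varbinary(512) NOT NULL);"
        // A non-owner principal would additionally need
        //   GRANT VIEW DEFINITION ON SYMMETRIC KEY::CardKey TO <user>;
        //   GRANT CONTROL ON CERTIFICATE::CardCert TO <user>;
    };

    public static void Provision()
    {
        using (SqlConnection conn = new SqlConnection(Conn))
        {
            conn.Open();
            foreach (string batch in SetupBatches)
                using (SqlCommand cmd = new SqlCommand(batch, conn))
                    cmd.ExecuteNonQuery();
        }
    }

    // The key is opened for this session only. EncryptByKey stores the key GUID, a
    // random IV and the ciphertext, so equal plaintexts produce different ciphertexts.
    public static int StoreCard(string customer, string cardNumber)
    {
        const string sql =
            "OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert; " +
            "INSERT INTO dbo.Cards (Customer, CardRef) " +
            "VALUES (@c, EncryptByKey(Key_GUID('CardKey'), @card)); " +
            "CLOSE SYMMETRIC KEY CardKey;";
        using (SqlConnection conn = new SqlConnection(Conn))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@c", SqlDbType.NVarChar, 128).Value = customer;
            cmd.Parameters.Add("@card", SqlDbType.NVarChar, 32).Value = cardNumber;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // DecryptByKey returns varbinary; convert back to the type that was encrypted.
    // A row encrypted under a different key, or read with the key closed, yields NULL
    // rather than garbage, which is why the result is checked for DBNull.
    public static string LoadCard(string customer)
    {
        const string sql =
            "OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert; " +
            "SELECT CONVERT(nvarchar(32), DecryptByKey(CardRef)) FROM dbo.Cards WHERE Customer = @c; " +
            "CLOSE SYMMETRIC KEY CardKey;";
        using (SqlConnection conn = new SqlConnection(Conn))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@c", SqlDbType.NVarChar, 128).Value = customer;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : (string)result;
        }
    }

    static void Main()
    {
        Provision();
        // Constructed sample values.
        StoreCard("Constructed Customer", "4111-0000-0000-0000");
        Console.WriteLine("decrypted: {0}", LoadCard("Constructed Customer"));
    }
}
```

Because the ciphertext is non-deterministic, an encrypted column cannot be indexed or searched by value; keep a separate searchable column (for instance a keyed hash) if lookups by the protected value are needed.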
45. Other Stuff (Canberra)
   - Event DVDs will be mailed to you in the next week or so.
   - Go to Code Camp

46. Some More Microsoft Resources
   - Security eForum site: australia/eforum
   - MSDN Security Development Centre: http:// /security/
   - Security Development Centre: Writing Secure Code: http://
   - Patterns and Practices: Security Guidelines
   - What's new in Security for v2.0
   - What's new with Code Access Security in the .NET Framework 2.0
   - Security Enhancements in Visual Studio 2005
   - Repel Attacks on Your Code with Visual Studio 2005 Safe C and C++ Libraries
   - SQL Server 2005 Security
   - Visual Studio 2005 and SQL Server 2005 Webcast

48. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.