Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Sandboxing in .NET CLR

862 views

Published on

The "Sandboxing in .NET CLR" slides at DevTalk Conference, Kharkiv. http://www.devtalk.dev-pro.net/

Published in: Technology
  • Be the first to comment

Sandboxing in .NET CLR

  1. 1. Sandboxing in .NET CLR Mikhail Shcherbakov July 05, 2015
  2. 2. Coordinator of SPB .NET Community Product Manager at Cezurity One of the core developers of the source code analyzer PT Application Inspector Former Team Lead at Acronis, Luxoft, Boeing About me 2
  3. 3. Sandboxing is the base of security Development of extensible and security-sensitive applications Troubleshooting and knowledge about the internals Knowledge in Practice  ASP.NET / IIS  Silverlight  SQL CLR  XBAP  ClickOnce  Sharepoint 3
  4. 4. Security Architecture 4
  5. 5. Security Architecture 5
  6. 6. Application Domains 6
  7. 7. The verification process 7
  8. 8. Just-in-time verification
  9. 9. Code Access Security 9
  10. 10. Policy 10
  11. 11. deprecated in .NET Framework 4 Policy 11
  12. 12. Permissions 12
  13. 13. Permissions 13
  14. 14. Enforcement 14
  15. 15. Fully Trusted code in Partially Trusted AppDomain 15
  16. 16. Transparency Model 16
  17. 17. Level 2 Security Transparency Critical Full Trust code that can do anything Safe Critical Full Trust code Provides access to Critical code Transparent Only verifiable code Cannot p/invoke Cannot elevate/assert 17
  18. 18. Security Transparency Attributes Assembly Level Type Level Member Level SecurityTransparent    SecuritySafeCritical    SecurityCritical    AllowPartiallyTrustedCallers    SecAnnotate.exe – .NET Security Annotator Tool http://bit.ly/1A3vMw3 18
  19. 19. Stack walking 19
  20. 20. Sandbox implementation
  21. 21. ASP.NET Partial Trust applications 2005 2005 2006 2007 2008 2009 2010 2011 2012 Use Medium trust in shared hosting environments bit.ly/1yABGqf August 2005 For Web servers that are Internet-facing, Medium trust is recommended bit.ly/1z83LVV July 2008 21
  22. 22. ASP.NET Partial Trust applications 20152008 2009 2010 2011 2012 2013 ASP.NET Partial Trust does not guarantee application isolation bit.ly/1CRv3Ux June 2012 ASP.NET Security and the Importance of KB2698981 in Cloud Environments bit.ly/1vXJ50J April 2013 “The official position of the ASP.NET team is that Medium Trust is obsolete” -Levi Broderick, security developer at Microsoft bit.ly/1If14Gv June 2013 ASP.NET MVC 5 no longer supports partial trust bit.ly/1w0xxuX October 2013 22
  23. 23. DynamicMethod class MS13-015 vulnerability Could Allow Elevation of Privilege (KB2800277) Trusted Chain Attack 23
  24. 24. Luring Attack 24
  25. 25. Luring Attack MS02-061 “Elevation of Privilege in SQL Server Web Tasks” 25
  26. 26. Exception Filter Attack
  27. 27. Exception Filter Attack 27
  28. 28. Exception Filter Attack 28
  29. 29. Summary 29
  30. 30. Sandboxing: Exploring the .NET Framework 4 Security Model bit.ly/1zBHDl7 New Security Model: Moving to a Better Sandbox bit.ly/1qdLTYf How to Test for Luring Vulnerabilities bit.ly/1G5asdG Using SecAnnotate to Analyze Your Assemblies for Transparency Violations bit.ly/12AtGZF Summary 30
  31. 31. .NET Security: OWASP Top 10 for .NET developers bit.ly/1mpvG9R OWASP .NET Project bit.ly/1vCfknm Troy Hunt blog www.troyhunt.com The WASC Threat Classification v2.0 bit.ly/1G5d8rM Summary 31
  32. 32. Thank you for your attention! Mikhail Shcherbakov spbdotnet.org ms@cezurity.com linkedin.com/in/mikhailshcherbakov github.com/yuske @yu5k3 Product Manager at Cezurity

×