Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Security Model in .NET Framework 
Mikhail Shcherbakov 
senior software developer 
Positive Technologies 
.NEXT conference
About me 
― Senior software developer at Positive Technologies 
― Working on Application Inspector - source code analysis ...
Knowledge in Practice 
― Sandboxing is the base of security 
 ASP.NET / IIS  Silverlight 
 SQL CLR  XBAP 
 ClickOnce ...
Knowledge in Practice 
― Are there some security features in Paint.NET that restrict what a plugin can do 
and what it can...
Terms 
C# 5.0 Language Specification http://bit.ly/1tXdOI2 
Common Language Infrastructure (CLI) Standard ECMA-335 http://...
.NET Framework 4 Security Architecture
.NET Framework 4 Security Architecture
.NET Framework 4 Security Architecture
.NET Framework 4 Security Architecture
Application Domains
The verification process
Just-in-time verification
Code Access Security
Policy
Policy 
deprecated 
in .NET 
Framework 4
Permissions
Permissions
Enforcement
Fully Trusted code in Partially Trusted AppDomain
Transparency Model
Level 2 Security Transparency 
Transparent 
Only verifiable code Cannot p/invoke Cannot elevate/assert 
Safe Critical 
Ful...
Security Transparency Attributes 
Assembly 
Level 
Type Level Member 
Level 
SecurityTransparent    
SecuritySafeCritic...
Stack walking
Sandbox implementation
ASP.NET Partial Trust applications 
Use Medium trust 
in shared hosting 
environments 
bit.ly/1yABGqf 
August 2005 
For We...
Trusted Chain attack 
― DynamicMethod class 
― MS13-015 vulnerability 
Could Allow Elevation of Privilege (KB2800277)
Trusted Chain attack 
― DynamicMethod class 
― MS13-015 vulnerability 
Could Allow Elevation of Privilege (KB2800277)
Summary 
http://goo.gl/A5QrZm
Summary 
.NET Security: 
― OWASP Top 10 for .NET developers bit.ly/1mpvG9R 
― OWASP .NET Project bit.ly/1vCfknm 
― Troy Hu...
Thank you for your attention! 
Mikhail Shcherbakov 
Positive Technologies 
linkedin.com/in/mikhailshcherbakov 
yuske.dev@g...
Security Model in .NET Framework
Upcoming SlideShare
Loading in …5
×

Security Model in .NET Framework

1,771 views

Published on

Presentation "Security Model in .NET Framework" on .NEXT conference (dotnext.ru). In this briefing, I tell about security architecture in .NET Framework 4.0 and later, using AppDomains and Code Access Security (CAS) in various applications, development of their own sandbox, design of pluginable security-sensitive architecture and using sandboxing in ASP.NET applications. I demonstrated the sample of Trusted Chain attack to bypass CAS restrictions.

Published in: Technology
  • Be the first to comment

Security Model in .NET Framework

  1. 1. Security Model in .NET Framework Mikhail Shcherbakov senior software developer Positive Technologies .NEXT conference
  2. 2. About me ― Senior software developer at Positive Technologies ― Working on Application Inspector - source code analysis product ― Former team lead at Acronis and Luxoft
  3. 3. Knowledge in Practice ― Sandboxing is the base of security  ASP.NET / IIS  Silverlight  SQL CLR  XBAP  ClickOnce  Sharepoint ― Development of extensible and security-sensitive applications ― Troubleshooting and knowledge about the internals
  4. 4. Knowledge in Practice ― Are there some security features in Paint.NET that restrict what a plugin can do and what it can access? ― There are no security features. And no, there is no guarantee of safety… ― If there are no security features, then ... whenever Paint.NET was running, it could look for interesting files and send them off to Russia. “ “Plugins & Security?” topic, Paint.NET Forum http://bit.ly/1ABI3sH #send2Russia
  5. 5. Terms C# 5.0 Language Specification http://bit.ly/1tXdOI2 Common Language Infrastructure (CLI) Standard ECMA-335 http://bit.ly/1IesnAK
  6. 6. .NET Framework 4 Security Architecture
  7. 7. .NET Framework 4 Security Architecture
  8. 8. .NET Framework 4 Security Architecture
  9. 9. .NET Framework 4 Security Architecture
  10. 10. Application Domains
  11. 11. The verification process
  12. 12. Just-in-time verification
  13. 13. Code Access Security
  14. 14. Policy
  15. 15. Policy deprecated in .NET Framework 4
  16. 16. Permissions
  17. 17. Permissions
  18. 18. Enforcement
  19. 19. Fully Trusted code in Partially Trusted AppDomain
  20. 20. Transparency Model
  21. 21. Level 2 Security Transparency Transparent Only verifiable code Cannot p/invoke Cannot elevate/assert Safe Critical Full Trust code Provides access to Critical code Critical Full Trust code that can do anything
  22. 22. Security Transparency Attributes Assembly Level Type Level Member Level SecurityTransparent    SecuritySafeCritical    SecurityCritical    AllowPartiallyTrustedCallers    SecAnnotate.exe – .NET Security Annotator Tool http://bit.ly/1A3vMw3
  23. 23. Stack walking
  24. 24. Sandbox implementation
  25. 25. ASP.NET Partial Trust applications Use Medium trust in shared hosting environments bit.ly/1yABGqf August 2005 For Web servers that are Internet-facing, Medium trust is recommended bit.ly/1z83LVV July 2008 ASP.NET Partial Trust does not guarantee application isolation bit.ly/1CRv3Ux June 2012 ASP.NET Security and the Importance of KB2698981 in Cloud Environments bit.ly/1vXJ50J April 2013 2005 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 October 2013 June 2013 ASP.NET MVC 5 no longer “The official position of the ASP.NET team is that Medium Trust is obsolete” -Levi Broderick, security developer at Microsoft bit.ly/1If14Gv supports partial trust bit.ly/1w0xxuX
  26. 26. Trusted Chain attack ― DynamicMethod class ― MS13-015 vulnerability Could Allow Elevation of Privilege (KB2800277)
  27. 27. Trusted Chain attack ― DynamicMethod class ― MS13-015 vulnerability Could Allow Elevation of Privilege (KB2800277)
  28. 28. Summary http://goo.gl/A5QrZm
  29. 29. Summary .NET Security: ― OWASP Top 10 for .NET developers bit.ly/1mpvG9R ― OWASP .NET Project bit.ly/1vCfknm ― Troy Hunt blog www.troyhunt.com ― The WASC Threat Classification v2.0 bit.ly/1G5d8rM Sandboxing: ― Exploring the .NET Framework 4 Security Model bit.ly/1zBHDl7 ― New Security Model: Moving to a Better Sandbox bit.ly/1qdLTYf ― How to Test for Luring Vulnerabilities bit.ly/1G5asdG ― Using SecAnnotate to Analyze Your Assemblies for Transparency Violations bit.ly/12AtGZF
  30. 30. Thank you for your attention! Mikhail Shcherbakov Positive Technologies linkedin.com/in/mikhailshcherbakov yuske.dev@gmail.com github.com/yuske @yu5k3

×