Documente Academic
Documente Profesional
Documente Cultură
1
Code Access Security: Motivation
2
History
3
Figure 1.1: Monolithic applications
Alice
APP.EXE
APP.DLL
4
The Component Revolution
5
Figure 1.2: Component-based applications
Alice
APP.EXE
FOO.DLL
BAR.DLL
QUUX.DLL ACME.DLL
BAZ.DLL
6
Authenticode
7
Figure 1.3: Well-meaning, but ultimately bad code
void main() {
foo();
}
void foo() {
char buf[1024]; // surely this will be big enough!
readUserNameFromForm(buf);
logUserName(buf);
}
8
Code Access Security
9
Figure 1.4: CAS is layered on top of OS native security
Alice
HOST.EXE
FOO.DLL
BAR.DLL
QUUX.DLL ACME.DLL
BAZ.DLL
MSCORLIB.DLL
10
Security Policy
11
Permissions
12
Figure 1.5: The IPermission interface
namespace System.Security {
interface IPermission {
bool IsSubsetOf(IPermission target); // comparison
13
Figure 1.6: The ISecurityEncodable interface
namespace System.Security {
interface ISecurityEncodable {
void FromXml(SecurityElement elem);
SecurityElement ToXml();
}
}
14
Figure 1.7: The PermissionSet class
namespace System.Security {
class PermissionSet : ISecurityEncodable, ... {
15
Figure 1.8: Some built-in code access security permission classes
DBDataPermission
PrintingPermission
MessageQueuePermission
DnsPermission
SocketPermission
WebPermission
EnvironmentPermission
FileDialogPermission
FileIOPermission
IsolatedStoragePermission
ReflectionPermission
RegistryPermission
SecurityPermission
UIPermission
16
Figure 1.9: Example: requesting a permission
using System.Security.Permissions;
class Test {
public void readSomeFile() {
17
Evidence
18
Figure 1.10: Some built-in classes of evidence
Zone
Site
Url
Publisher
StrongName
19
Policy Levels
20
Figure 1.11: Policy levels
Machine
User Host
21
Code Groups
22
Figure 1.12: A policy level consists of a tree of code groups
Criteria
Permission Set
23
Figure 1.13: Modeling a boolean AND with two code groups
Criteria:
Publisher is ACME
Permission Set:
Nothing (empty)
Criteria:
Zone is Intranet
24
Figure 1.14: Modeling a boolean OR with two code groups
Criteria: Criteria:
Publisher is ACME Zone is Intranet
25
Declarative Permission Requests
26
Figure 1.15: Annotating an assembly with permission requests
using System;
using System.Security.Permissions;
[assembly: PermissionSetAttribute(
SecurityAction.RequestMinimum,
File="min_perm.xml")]
[assembly: PermissionSetAttribute(
SecurityAction.RequestOptional,
File="opt_perm.xml")]
class ep {
static void Main() {
Console.WriteLine("Hello World");
}
}
27
Figure 1.16: Creating a serialized permission set
28
Administering Policy
29
The CAS Stackwalk
30
The Luring Attack
31
Figure 1.17: The IStackWalk interface
namespace System.Security {
public interface IStackWalk {
void Assert();
void Demand();
void DemandImmediate();
void Deny();
void PermitOnly();
}
}
32
Demand and DemandImmediate
33
Deny and PermitOnly
34
Figure 1.18: Example: denying permissions before making a call
35
Figure 1.19: How to remove CAS stack frame modifiers
36
Assert
37
Figure 1.20: Deny versus Assert in a stackwalk
A, B
A, C
call stack
A, C Deny A
A, B, C Assert B
A, B, C
A, B, C
Demand A Demand B Demand C
denied granted denied
38
Bootstrapping
39
Figure 1.21: Setting top-of-stack permissions for a new AppDomain
40
Summary
41