Code Access Security Ami Dudu Software architect IDF [email protected] .il
Code Access Security

Jan 19, 2016

Transcript
Page 1: Code Access Security

Code Access Security

Ami Dudu

Software architect

[email protected]

Page 2: Code Access Security

Agenda

Goals

Evidence-Based security

Security policy

Permission classes

Role-based Security

Common Interfaces\BaseClasses

Implementing your own classes

Page 3: Code Access Security

Goals

Ensures that code can access only resources it has the right to access

Allows security policy to control the resources code has access to based on:

Where the code comes from

Other aspects of the code’s identity

Allows programmers to specify resources that their code:

Must be able to access in order to run effectively

Could optionally access

Should not be able to access

Page 4: Code Access Security

Possibilities

Secure our libraries

Defend our servers more effectively

Writing applications using RBS

And more…

Page 5: Code Access Security

Evidence-Based security

Set of information about the identity and origin of an assembly

Used by the .NET Framework security system at load time to determine the permissions an assembly receives

Evidence includes things such as Strong-Name, Signature, Code Location, Zone and can also be custom-defined

Page 6: Code Access Security

Security policy

Storage of the security permissions

Policy levels: enterprise, machine, user

Each level consists of a collection of hierarchical code groups, and each code group has a set of permissions (file system, registry, environment variables, etc.)

The final permission set is the union of the permission sets granted within a level and the intersection of the results across levels
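The union-within-a-level, intersection-across-levels rule, as an added example that is not part of the original slides. It assumes the .NET Framework PermissionSet API; the class name, the three sample levels and the C:\Temp grant are constructed for illustration.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

static class PolicyResolutionExample
{
    // Within one policy level: union of the permission sets of all matching code groups.
    static PermissionSet ResolveLevel(params PermissionSet[] matchedGroups)
    {
        PermissionSet level = new PermissionSet(PermissionState.None);
        foreach (PermissionSet granted in matchedGroups)
            level = level.Union(granted);
        return level;
    }

    // Across levels: intersection. Intersect returns null when nothing is left.
    static PermissionSet Combine(PermissionSet a, PermissionSet b)
    {
        return a.Intersect(b) ?? new PermissionSet(PermissionState.None);
    }

    static void Main()
    {
        // Constructed grants standing in for code-group permission sets.
        PermissionSet nothing = new PermissionSet(PermissionState.None);
        PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);
        PermissionSet tempIo = new PermissionSet(PermissionState.None);
        tempIo.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, @"C:\Temp"));
        PermissionSet ui = new PermissionSet(PermissionState.None);
        ui.AddPermission(new UIPermission(PermissionState.Unrestricted));

        // Each level unions the grants of the code groups the assembly matched.
        PermissionSet enterprise = ResolveLevel(nothing, fullTrust);
        PermissionSet machine = ResolveLevel(nothing, tempIo, ui);
        PermissionSet user = ResolveLevel(nothing, tempIo);

        // The most restrictive level wins: UI access granted only at machine level is lost.
        PermissionSet effective = Combine(Combine(enterprise, machine), user);

        Console.WriteLine("machine level unrestricted: " + machine.IsUnrestricted());
        Console.WriteLine("effective keeps UIPermission: "
            + (effective.GetPermission(typeof(UIPermission)) != null));
        Console.WriteLine("effective equals user level: "
            + (effective.IsSubsetOf(user) && user.IsSubsetOf(effective)));
        Console.WriteLine(effective);
    }
}
```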

Page 7: Code Access Security

Security Policy

Page 8: Code Access Security

Calc. level permission (diagram)

Code groups and their permission sets:

All Code: Nothing
Zone=My Computer: Full trust
Zone=Local Intranet: IO Permission
SN=0xD1…: Full trust
Hash=01…: Events Permission
Hash=04…: UI Permission
Hash=00…: Events Permission

Assembly evidence: C:\foo.dll, SN=0x00.., Hash=00..

Diagram labels: Nothing, Full trust, Full trust, Union

Page 9: Code Access Security

Calc. level permission (diagram)

Code groups and their permission sets:

All Code: Nothing
Zone=My Computer: Full trust
Zone=Local Intranet: IO Permission
SN=0xD1…: Full trust
Hash=01…: Events Permission
Hash=04…: UI Permission
Hash=00…: Events Permission

Assembly evidence: http://www, SN=0xD1.., Hash=00..

Diagram labels: Events Permission, Full trust, Nothing, Full trust, Union

Page 10: Code Access Security

Calc. level permission (diagram)

Code groups and their permission sets:

All Code: Nothing
Zone=My Computer: Full trust
Zone=Local Intranet: IO Permission
SN=0xD1…: Full trust
Hash=01…: Events Permission
Hash=04…: UI Permission
Hash=00…: Events Permission

Assembly evidence: C:\foo.dll, SN=0xD1.., Hash=01..

Diagram labels: Full trust, Nothing, Full trust, Union

Page 11: Code Access Security

Playing with rights

Page 12: Code Access Security

Permissions

Permissions represent the right to interact with a given resource

Examples:

FileIO

Registry

Environment

Socket

Reflection

Directory Services

Printing

SQLClient

Message Queue

Event Log

DNS

And more…

Page 13: Code Access Security

Declarative Demands

Specify security check using attributes

Permission state must be known at compile time

Can be viewed with PermView SDK Tool or Ildasm

    // requires: using System.Security.Permissions;
    [FileIOPermission(SecurityAction.Demand, Write = @"C:\Temp")]
    private void TryToCreateAFile()
    {
        // create a file
    }

Page 14: Code Access Security

SecurityAction Enum

Demand – All callers higher in the call stack are required to have been granted the permission specified by the current permission object

LinkDemand – The immediate caller is required to have been granted the specified permission

Assert – The calling code can access the resource identified by the current permission object, even if callers higher in the stack have not been granted permission to access the resource

And More…

Page 15: Code Access Security

Imperative Demands

    // requires: using System.Security.Permissions;
    private void foo(string FilePath, string FileName)
    {
        // Build the permission from the runtime path, then walk the call stack.
        FileIOPermission filePerm = new FileIOPermission(FileIOPermissionAccess.Write, FilePath);
        filePerm.Demand();

        // rest of the method
    }

Allows security checks to vary by control flow or method state

Page 16: Code Access Security

Permission classes methods

Demand

Union

Intersect

Assert

RevertAssert

And more…
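How Demand walks the stack and how Assert stops that walk, as an added example that is not part of the original slides. It assumes the .NET Framework; the class and method names and the C:\Temp path are constructed, and PermitOnly is used only to simulate a caller with fewer rights.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Permissions;

static class StackWalkExample
{
    const string Dir = @"C:\Temp";   // constructed path; it does not need to exist

    // Resource access point: demands Write from every caller above this frame.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void WriteFile()
    {
        new FileIOPermission(FileIOPermissionAccess.Write, Dir).Demand();
    }

    // Trusted library frame: optionally vouches for its callers with Assert.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void Library(bool vouch)
    {
        if (vouch)
            new FileIOPermission(FileIOPermissionAccess.Write, Dir).Assert();
        try { WriteFile(); }
        finally { if (vouch) CodeAccessPermission.RevertAssert(); }
    }

    // Restricted caller: PermitOnly leaves only Read available from this frame down.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static string RestrictedCaller(bool vouch)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, Dir).PermitOnly();
        try { Library(vouch); return "demand succeeded"; }
        catch (SecurityException) { return "SecurityException"; }
    }

    static void Main()
    {
        // Without Assert the walk reaches RestrictedCaller and the Write demand fails.
        Console.WriteLine("no Assert:   " + RestrictedCaller(false));
        // With Assert the walk stops at Library, so the restricted caller is never checked.
        Console.WriteLine("with Assert: " + RestrictedCaller(true));
    }
}
```

Because Assert hides the callers' lack of permission, the asserting method has to validate everything it does on their behalf and should call RevertAssert as soon as the protected operation is finished.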

Page 17: Code Access Security

Work with permissions

Page 18: Code Access Security

Role-based security

Role-Based security allows access to code and resources based on:

The user’s Identity

The roles or groups to which the user belongs

Role-based security is based on the Principal and Identity classes

Page 19: Code Access Security

Role-based security

Identity information typically consists of the user name and the roles associated with the user

In the .NET Framework, an identity encapsulates the user’s login name, and a principal encapsulates the user’s role membership information

The .NET Framework supports identity and principal objects for Microsoft Windows user and group information, as well as custom identities and principals
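A role check against a custom identity and principal, as an added example that is not part of the original slides. It assumes the .NET Framework; the user names, the "Managers" and "Staff" roles and the method names are constructed.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class RoleBasedExample
{
    // Imperative check: demands that Thread.CurrentPrincipal is in the role.
    static string ApproveOrder()
    {
        try
        {
            new PrincipalPermission(null, "Managers").Demand();   // null name = any user
            return "approved by " + Thread.CurrentPrincipal.Identity.Name;
        }
        catch (SecurityException)
        {
            return "denied for " + Thread.CurrentPrincipal.Identity.Name;
        }
    }

    // Declarative form of the same check, evaluated before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]
    static void DeleteOrder() { }

    static void RunAs(string user, params string[] roles)
    {
        // Custom (non-Windows) identity and principal attached to the current thread.
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        Console.WriteLine(ApproveOrder());
        try { DeleteOrder(); Console.WriteLine("DeleteOrder allowed"); }
        catch (SecurityException) { Console.WriteLine("DeleteOrder blocked"); }
    }

    static void Main()
    {
        RunAs("alice", "Managers", "Staff");   // member of the demanded role
        RunAs("bob", "Staff");                 // not a member: both checks fail
    }
}
```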

Page 20: Code Access Security

Role-based security

Page 21: Code Access Security

Common Interfaces\BaseClasses

ISecurityEncodable: FromXml, ToXml (SecurityElement)

IPermission: Copy, Demand, Intersect, IsSubsetOf, Union

IUnrestrictedPermission: IsUnrestricted

CodeAccessPermission as base class: PermitOnly, Deny, RevertXXX

Page 22: Code Access Security

Implementing your own classes

Page 23: Code Access Security

Possibilities

Secure our libraries

Defend our servers more effectively

Writing applications using RBS

And more…

Page 24: Code Access Security

Questions ?