- Essential .NET Security. - Examine security features of the .NET platform. - Public Key Cryptography and SSL. - Securing System.Runtime.Remoting. - Attacker finds a way to gain more privileges on the system – the ultimate goal is to gain administrative privileges. - Use WinXP and .NET Server’s built in low-privilege accounts – NT Authority \ LocalService. - Conventional crypto from .NET. - Encrypting static data – generate a random key – encrypt the data. - System.Security.Cryptography doesn’t expose them at all. - The .NET Framework classes automate this. - Encrypting data in .NET. - Algorithms and implementations in .NET. - Decrypting data in .NET. - create a CryptoStream object based on your key – pump data through the stream to decrypt it. - Passwords or phrases can be turned into conventional keys – variable length passphrase converted into a fixed length key – hash of password produces fixed length key. - To authenticate with some other server – server doesn’t know client’s password – this is more complex. - session key is sent to client encrypted with client’s master key. - Authority gives the client a “ticket” to send to the server. - client’s name. - Is a ticket enough to prove the client’s identity?. - Client needs to prove knowledge of the session key – remember, the authority “whispered” this to the client – only someone with the client’s master key could have. - .NET Framework currently has no official wrappers for SSPI – but a sample written by the .NET remoting team provides this – http://msdn.microsoft.com/library/en-us/dndotnet/html/remsspi.asp. - Using SSPI from .NET (initial authentication). - server code to look at client’s name WindowsIdentity clientIdentity. - Using SSPI from .NET (protecting the channel). - The .NET Framework has great support for cryptography. - Currently no support for raw Kerberos in .NET Framework. - Public Key Cryptography and Authentication. - Public key cryptography. - Using public keys from the .NET Framework. - Origins of public key cryptography. - Keys are generated in pairs – public key. - plaintext encrypted with the public key. - ciphertext decrypted with the corresponding private key – much, much slower than conventional cryptography!. - public key encrypt. - we use a public key to encrypt the session key. - Public key cryptography is not a silver bullet!. - Certificate couples a name with a public key. - authority’s public key is well-known. - Bob’s public key Bob. - Public key encryption in the .NET Framework. - Using CAPICOM from .NET. - session key encrypted with the public key of recipient 1. - session key encrypted with the public key of recipient 2. - authority X asserts that this is subject Y’s public key. - ASP.NET web applications have IIS as a front end – web services have IIS as a front end. - secure .NET remoting uses IIS as a front end. - Public key cryptography is used to create signatures and encrypt keys. - Certificates help authenticate public key material. - CAPICOM can be used from the .NET Framework. - A whirlwind tour of operating system security concepts on the .NET Platform. - The TCB is a theoretical boundary – the TCB must enforce security policy. - The .NET Framework abstracts this with two interfaces. - using System.Security.Principal;. - server looks at client token to make security decisions – can check client’s groups via IsInRole, for example. - This is key to “Role Based Security” infrastructure in .NET. - Thread.CurrentPrincipal is simply for application bookkeeping – the operating system doesn’t ever see or use this information – we’ll talk about impersonation in the next module…. - using System.Threading;. - Thread.CurrentPrincipal = client;. - using System.Security.Permissions;. - Thread.CurrentPrincipal. - Continuing our whirlwind tour of operating system security concepts on the .NET Platform. - After authentication, the server can do two things with the client’s token. - place the client’s token on the server’s thread and call out to some other secure resource manager. - Console.WriteLine("Client name is {0}", client.Name);. - slap the client’s token on this thread temporarily WindowsImpersonationContext ctx = client.Impersonate();. - remove client’s token from this thread. - ASP.NET thread (MTA). - elevation of privilege vulnerability in ASP.NET when calling. - impersonate temporarily to access external resources as client – stop impersonating immediately. - Thread.CurrentPrincipal). - using System.IO;. - temporarily impersonate the client to access a file WindowsImpersonationContext ctx = client.Impersonate();. - authentication helped to verify the client’s credentials, but most likely did not transmit them to the server. - It’s expensive (infeasible, really) to discover groups manually – need to visit both client’s and server’s authorities. - but this required the server to know the client’s password – example: IIS certificate mapping or basic authentication. - Protocol transition allows trusted servers to obtain tickets on a client’s behalf. - without knowing the client’s password. - Securing mobile code in the .NET Framework Part 1: motivation, permissions, and policy. - native code in the COM era – assembly in the .NET era. - your company’s intranet – the public Internet. - The .NET assembly loader and trust levels. - Each .NET assembly may run with different privileges – explicitly installed code usually trusted. - assembly loader gathers evidence like source and public key – security policy used to evaluate evidence. - The .NET loader, illustrated. - FCL supplies classes used to represent evidence – in System.Security.Policy namespace. - in System.Security.Permissions namespace DBDataPermission. - Framework supplies policy classes – System.Security.Policy namespace. - View/edit using .NET Framework Configuration MMC snapin. - C:\>permview \windows\microsoft.net\...\mscorlib.dll minimal permission set:. - <PermissionSet class="System.Security.PermissionSet". - <IPermission class="System.Security.Permissions.SecurityPermission". - Extracting a public key into a byte array. - Microsoft (R) .NET Framework SecUtil 1.0.3705.0. - Public Key. - using System.Security;. - Console.WriteLine(".NET Code Access Security is currently {0}", SecurityManager.SecurityEnabled ? "enabled". - CAS is the .NET security model for dealing with mobile code. - Securing mobile code in the .NET Framework. - At runtime, the .NET Framework classes demand permissions before performing sensitive operations
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt