Sandboxing in .NET CLR
Download as PPTX, PDF1 like484 views
Mikhail Shcherbakov gave a presentation on sandboxing in the .NET CLR. He discussed the .NET security architecture including application domains, code access security, permissions, and the transparency model. He explained how sandboxing is the base of security and developing extensible yet secure applications. He also covered sandbox implementation in ASP.NET partial trust applications and vulnerabilities like the luring attack and exception filter attack that bypass security.
Sandboxing in .NET CLR
- 1. Mikhail Shcherbakov July 05, 2015 Sandboxing in .NET CLR Mikhail Shcherbakov IT Global Meetup #6 IntelliEgg
- 2. Creator of IntelliDebugger project Coordinator of SPB .NET Community Former Product manager and Team lead at Cezurity, Positive Technologies, Acronis, Luxoft, Boeing About me 2
- 3. Sandboxing is the base of security Development of extensible and security-sensitive applications Troubleshooting and knowledge about the internals Knowledge in Practice ASP.NET / IIS Silverlight SQL CLR XBAP ClickOnce Sharepoint 3
- 10. Policy 10
- 12. Permissions 12
- 13. Permissions 13
- 14. Enforcement 14
- 15. Fully Trusted code in Partially Trusted AppDomain 15
- 17. Level 2 Security Transparency Critical Full Trust code that can do anything Safe Critical Full Trust code Provides access to Critical code Transparent Only verifiable code Cannot p/invoke Cannot elevate/assert 17
- 18. Security Transparency Attributes Assembly Level Type Level Member Level SecurityTransparent SecuritySafeCritical SecurityCritical AllowPartiallyTrustedCallers SecAnnotate.exe – .NET Security Annotator Tool http://bit.ly/1A3vMw3 18
- 19. Stack walking 19
- 21. ASP.NET Partial Trust applications 2005 2005 2006 2007 2008 2009 2010 2011 2012 Use Medium trust in shared hosting environments bit.ly/1yABGqf August 2005 For Web servers that are Internet-facing, Medium trust is recommended bit.ly/1z83LVV July 2008 21
- 22. ASP.NET Partial Trust applications 20152008 2009 2010 2011 2012 2013 ASP.NET Partial Trust does not guarantee application isolation bit.ly/1CRv3Ux June 2012 ASP.NET Security and the Importance of KB2698981 in Cloud Environments bit.ly/1vXJ50J April 2013 “The official position of the ASP.NET team is that Medium Trust is obsolete” -Levi Broderick, security developer at Microsoft bit.ly/1If14Gv June 2013 ASP.NET MVC 5 no longer supports partial trust bit.ly/1w0xxuX October 2013 22
- 23. DynamicMethod class MS13-015 vulnerability Could Allow Elevation of Privilege (KB2800277) Trusted Chain Attack 23
- 24. Luring Attack 24
- 25. Luring Attack MS02-061 “Elevation of Privilege in SQL Server Web Tasks” 25
- 29. Summary 29
- 30. Sandboxing: Exploring the .NET Framework 4 Security Model bit.ly/1zBHDl7 New Security Model: Moving to a Better Sandbox bit.ly/1qdLTYf How to Test for Luring Vulnerabilities bit.ly/1G5asdG Using SecAnnotate to Analyze Your Assemblies for Transparency Violations bit.ly/12AtGZF Summary 30
- 31. .NET Security: OWASP Top 10 for .NET developers bit.ly/1mpvG9R OWASP .NET Project bit.ly/1vCfknm Troy Hunt blog www.troyhunt.com The WASC Threat Classification v2.0 bit.ly/1G5d8rM Summary 31
- 32. Thank you for your attention! Mikhail Shcherbakov spbdotnet.org linkedin.com/in/mikhailshcherbakov github.com/yuske @yu5k3 IntelliEgg