Sandboxing in .NET CLR
Download as PPTX, PDF2 likes1,311 views
This document discusses sandboxing in the .NET CLR. It covers security architecture and application domains, as well as code access security, permissions, and the transparency model. The document also discusses sandbox implementation and partial trust applications in ASP.NET. It provides references for further exploring the .NET security model and testing for vulnerabilities.
Sandboxing in .NET CLR
- 1. Sandboxing in .NET CLR Mikhail Shcherbakov July 05, 2015
- 2. Coordinator of SPB .NET Community Product Manager at Cezurity One of the core developers of the source code analyzer PT Application Inspector Former Team Lead at Acronis, Luxoft, Boeing About me 2
- 3. Sandboxing is the base of security Development of extensible and security-sensitive applications Troubleshooting and knowledge about the internals Knowledge in Practice ASP.NET / IIS Silverlight SQL CLR XBAP ClickOnce Sharepoint 3
- 10. Policy 10
- 12. Permissions 12
- 13. Permissions 13
- 14. Enforcement 14
- 15. Fully Trusted code in Partially Trusted AppDomain 15
- 17. Level 2 Security Transparency Critical Full Trust code that can do anything Safe Critical Full Trust code Provides access to Critical code Transparent Only verifiable code Cannot p/invoke Cannot elevate/assert 17
- 18. Security Transparency Attributes Assembly Level Type Level Member Level SecurityTransparent SecuritySafeCritical SecurityCritical AllowPartiallyTrustedCallers SecAnnotate.exe – .NET Security Annotator Tool http://bit.ly/1A3vMw3 18
- 19. Stack walking 19
- 21. ASP.NET Partial Trust applications 2005 2005 2006 2007 2008 2009 2010 2011 2012 Use Medium trust in shared hosting environments bit.ly/1yABGqf August 2005 For Web servers that are Internet-facing, Medium trust is recommended bit.ly/1z83LVV July 2008 21
- 22. ASP.NET Partial Trust applications 20152008 2009 2010 2011 2012 2013 ASP.NET Partial Trust does not guarantee application isolation bit.ly/1CRv3Ux June 2012 ASP.NET Security and the Importance of KB2698981 in Cloud Environments bit.ly/1vXJ50J April 2013 “The official position of the ASP.NET team is that Medium Trust is obsolete” -Levi Broderick, security developer at Microsoft bit.ly/1If14Gv June 2013 ASP.NET MVC 5 no longer supports partial trust bit.ly/1w0xxuX October 2013 22
- 23. DynamicMethod class MS13-015 vulnerability Could Allow Elevation of Privilege (KB2800277) Trusted Chain Attack 23
- 24. Luring Attack 24
- 25. Luring Attack MS02-061 “Elevation of Privilege in SQL Server Web Tasks” 25
- 29. Summary 29
- 30. Sandboxing: Exploring the .NET Framework 4 Security Model bit.ly/1zBHDl7 New Security Model: Moving to a Better Sandbox bit.ly/1qdLTYf How to Test for Luring Vulnerabilities bit.ly/1G5asdG Using SecAnnotate to Analyze Your Assemblies for Transparency Violations bit.ly/12AtGZF Summary 30
- 31. .NET Security: OWASP Top 10 for .NET developers bit.ly/1mpvG9R OWASP .NET Project bit.ly/1vCfknm Troy Hunt blog www.troyhunt.com The WASC Threat Classification v2.0 bit.ly/1G5d8rM Summary 31
- 32. Thank you for your attention! Mikhail Shcherbakov spbdotnet.org [email protected] linkedin.com/in/mikhailshcherbakov github.com/yuske @yu5k3 Product Manager at Cezurity