Security Features of MS .Net

Julia Vortman

Framework Overview
  • The .NET Framework is a component of the Microsoft Windows operating system used to build and run Windows-based applications
  • .NET Framework is a robust platform that simplifies development of high-performance systems featuring great performance, scalability, integration, reliability, and security, with minimal deployment and management costs.
Framework Security Features
  • Managing user identity (trust of user)
    • Role-Based Security
    • Web Applications Security
  • Managing code on the client, server, or framework (trust of code)
    • Evidence-Based Security
    • Code Access Security
    • Cryptography
Role-Based Security

Enforces security permissions based on user identity by implementing the following concepts:

  • Authentication
    • Examines a user's (principal's) identity through username and password verification
  • Authorization
    • Enables or restricts principal access to specific applications/roles
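
The two concepts above, as an added C# example that is not part of the original slides: authentication checks a password against a salted PBKDF2 hash and returns a principal, and authorization tests that principal's roles. The account names, passwords, roles and the `CanApprovePayroll` check are constructed for illustration, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;

static class RoleBasedDemo
{
    // Constructed account store: salted PBKDF2 hash plus the roles of each user.
    record Account(byte[] Salt, byte[] Hash, string[] Roles);
    static readonly Dictionary<string, Account> Accounts = new();

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    static void Register(string name, string password, params string[] roles)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        Accounts[name] = new Account(salt, Derive(password, salt), roles);
    }

    // Authentication: verify the claimed identity and return a principal,
    // or null when the user is unknown or the password does not match.
    static IPrincipal? Authenticate(string name, string password)
    {
        if (!Accounts.TryGetValue(name, out Account? acct)) return null;
        byte[] candidate = Derive(password, acct.Salt);
        if (!CryptographicOperations.FixedTimeEquals(candidate, acct.Hash)) return null;
        return new GenericPrincipal(new GenericIdentity(name, "Password"), acct.Roles);
    }

    // Authorization: allow the operation only for an authenticated Manager.
    static bool CanApprovePayroll(IPrincipal? p) =>
        p?.Identity?.IsAuthenticated == true && p.IsInRole("Manager");

    static void Main()
    {
        Register("alice", "constructed-pass-1", "Manager", "Employee");
        Register("bob", "constructed-pass-2", "Employee");

        foreach (var (name, pw) in new[] { ("alice", "constructed-pass-1"),
                                           ("bob", "constructed-pass-2"),
                                           ("alice", "wrong-password") })
        {
            IPrincipal? principal = Authenticate(name, pw);
            Console.WriteLine($"{name}: authenticated={principal != null}, " +
                              $"may approve payroll={CanApprovePayroll(principal)}");
        }
    }
}
```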
Web Application Security

Provides web application security

[Diagram labels: .NET Framework, Unified Classes, ASP.NET, Common Language Runtime, Windows, Operating System Services]

Web Applications Security (Cont’d)
  • Additional Authentication
    • Authentication protocols: Microsoft Passport, Form-Based (cookie), etc.
  • Additional Authorization
    • URL authorization allows or denies access to URLs based on user identity or roles
Evidence-Based Security
  • Controls application’s access rights based on who wrote the code, what the code is trying to do, where it was installed from, and who is trying to run it
    • Before the code is executed, the security policy system examines it based on the evidence
    • Then, access is granted (or denied), but the code execution is limited by the allowed permissions
Evidence-Based Security Advantage
  • A major advantage of evidence-based security is that code management can be restricted to using only well-defined interfaces
    • Code can be downloaded from unsecured sources and safely executed
    • Applications composed of many components can be safely installed with multiple security levels
Code Access Security
  • Security policy built on an evidence-based security policy system
  • Specifies the level of access the code has to resources and operations
  • Enforces security with different levels of trust
  • Caspol.exe is a code access security policy tool that allows a developer to examine and modify machine, user, and enterprise-level code access security policies
Code Access Security Policy
  • Increases the reliability and security of applications
  • Governed by a configurable set of rules
    • Determines which resources code is allowed to access and which code is allowed to run
Security Policy Levels

There are four levels in the security policy system:

  • Enterprise Policy
  • Machine Policy
  • User Policy
  • Application Domain Policy
Enterprise Policy
  • Defined by enterprise administrators who set policy for enterprise domains
  • Affects every computer and user on the network
  • Evaluated at run time
Machine Policy
  • Defined by machine administrators who set policy for one computer
  • Can set policy that excludes modification from the user level but not from the enterprise level
User Policy
  • Lowest administrable policy level
  • Defined by users who set policy for a single logon account
  • This level is configurable by the current logged-on user
Application Domain Policy
  • Defined by the runtime host for setting load-time policy
  • Cannot be administered
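
How the administrable levels combine, as an added C# model rather than code from the slides or the runtime's own API: each level computes a grant for the assembly and the effective grant is the intersection, so a lower level can only restrict further unless a higher level marks its decision final. The `Level` record, permission names and grants are hypothetical, and application domain policy is left out of the model.

```csharp
using System;
using System.Collections.Generic;

static class PolicyLevelModel
{
    // Hypothetical model type: the permission names a level grants to one
    // assembly, and whether that level marks its decision as final.
    record Level(string Name, string[] Grant, bool Final = false);

    // Levels are evaluated enterprise -> machine -> user. The effective grant
    // is the intersection of every evaluated level; a final level stops the
    // walk, so the levels below it are not consulted.
    static SortedSet<string> Resolve(IEnumerable<Level> levels)
    {
        SortedSet<string>? effective = null;
        foreach (Level level in levels)
        {
            if (effective is null) effective = new SortedSet<string>(level.Grant);
            else effective.IntersectWith(level.Grant);
            if (level.Final) break;
        }
        return effective ?? new SortedSet<string>();
    }

    static void Main()
    {
        // Constructed grants for one assembly at each administrable level.
        var enterprise = new Level("Enterprise", new[] { "Execution", "UI", "FileRead", "Network" });
        var machine    = new Level("Machine",    new[] { "Execution", "UI", "FileRead" });
        var user       = new Level("User",       new[] { "Execution" });

        // All three levels apply: only what every level grants survives.
        Console.WriteLine(string.Join(", ", Resolve(new[] { enterprise, machine, user })));

        // The machine administrator marks the machine-level decision final: the
        // user level no longer changes the result, but enterprise policy still does.
        var machineFinal = machine with { Final = true };
        Console.WriteLine(string.Join(", ", Resolve(new[] { enterprise, machineFinal, user })));
    }
}
```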
Code Access Security (Cont’d)
  • Prevents illegal attempts to execute a protected operation based on access permissions
  • The code has to pass a verification process
Verification
  • Verification ensures that the code uses only well-defined interfaces in interacting with other objects
    • For instance, PEverify.exe performs MSIL type safety verification checks and metadata validation checks on a specified assembly
Cryptography
  • Provides functions for:
    • Encryption
    • Digital signatures
    • Hashing
    • Random number generation
  • The implementation uses a stream-based model
    • A file stream is routed into an encryption object and the resulting stream is sent to the network
Cryptography (Cont’d)
  • Encryption is a set of algorithms to secure data
    • Asymmetric encryption such as RSA and DSA
    • Symmetric encryption such as DES, TripleDES, and RC2
    • Hashes - MD5, SHA1
  • Digital Signatures
    • Signcode.exe signs a portable executable (PE) file with an Authenticode digital signature
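
The stream-based model described above, as an added C# example that is not from the original slides: a source stream is piped through a `CryptoStream` to a destination standing in for the network, then read back. It swaps in AES with an HMAC-SHA256 tag in place of the DES, TripleDES, RC2, MD5 and SHA1 primitives the slides list, which predate current guidance; keys and payload are constructed, and .NET 7 or later is assumed.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class StreamCryptoDemo
{
    // source -> CryptoStream(AES encryptor) -> destination; the IV is written first.
    static void Encrypt(Stream source, Stream destination, byte[] key)
    {
        using Aes aes = Aes.Create();              // CBC, PKCS7 padding, random IV
        aes.Key = key;
        destination.Write(aes.IV);
        using var crypto = new CryptoStream(destination, aes.CreateEncryptor(),
                                            CryptoStreamMode.Write, leaveOpen: true);
        source.CopyTo(crypto);                     // disposal writes the final block
    }
    static void Decrypt(Stream source, Stream destination, byte[] key)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        byte[] iv = new byte[aes.BlockSize / 8];
        source.ReadExactly(iv);
        aes.IV = iv;
        using var crypto = new CryptoStream(source, aes.CreateDecryptor(),
                                            CryptoStreamMode.Read, leaveOpen: true);
        crypto.CopyTo(destination);
    }
    // Encrypt-then-MAC check: CBC alone gives confidentiality, not integrity.
    static bool TagIsValid(byte[] macKey, byte[] message, byte[] tag) =>
        CryptographicOperations.FixedTimeEquals(HMACSHA256.HashData(macKey, message), tag);
    static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32);
        byte[] macKey = RandomNumberGenerator.GetBytes(32);
        var file = new MemoryStream(Encoding.UTF8.GetBytes("constructed sample payload"));
        var wire = new MemoryStream();             // stands in for the network stream
        Encrypt(file, wire, encKey);
        byte[] sent = wire.ToArray();              // IV + ciphertext
        byte[] tag = HMACSHA256.HashData(macKey, sent);
        byte[] tampered = (byte[])sent.Clone();
        tampered[^1] ^= 0x01;                      // constructed in-transit change
        Console.WriteLine($"tampered accepted: {TagIsValid(macKey, tampered, tag)}");
        if (!TagIsValid(macKey, sent, tag)) throw new CryptographicException("bad tag");
        var plain = new MemoryStream();
        Decrypt(new MemoryStream(sent), plain, encKey);
        Console.WriteLine(Encoding.UTF8.GetString(plain.ToArray()));
    }
}
```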
Cryptography (Cont’d)
  • Tracking XML digital signatures
    • Easy way for application programmers to sign XML documents and fragments.
    • Signed XML is a means to securely send asynchronous messages over the web
Instructor’s Editorial Comments
  • One of the weaknesses of PC security is that it is more of an add-on than part of the original design of the operating system. The first personal computers from Radio Shack and Apple came with 16 kilobytes of memory, and the original IBM PC with 64 kb. Since that had to include both operating system and application programs, operating system security was minimal. Windows is a direct descendant of an O/S called CP/M, an acronym for Control Program for Microcomputers.
Comments continued
  • Mainframes had much more elaborate security measures built into the operating system and the hardware because they had the resources to do that. Mainframes sold for millions of dollars, while personal computers originally cost a few hundred.
  • One difference is that mainframes tend to separate programs from data. There is a legacy of that in our security discussions when we talk about data protection measures.
Comments continued
  • The idea of securing data separately in an operating system is similar to putting a safe in a convenience store. Because money is more attractive to thieves than food, it is kept in a safe while the food is kept on an open shelf.
  • Object Oriented Systems challenge the whole paradigm of separation of program behavior from data, because both are encapsulated in each object. This creates additional problems for security system designers.
Comments continued
  • Microsoft referred to the limited resource problem in announcing a 64-bit version of Windows.
  • "We've done a lot of work with Intel and AMD who have changed how software is processed at the chip level, to enable new levels of security in 64-bit computing."
  • "We've done work at the core of the system, such that if a virus attacks your machine it will prevent it from taking over your PC."
Comments continued
  • "So there are things that we've done at the core that will enable higher levels of security than we see today."
  • (from an interview with Microsoft’s Brad Goldberg, reported on BBC News, 64-bit launch showcases Longhorn, http://news.bbc.co.uk/, Friday, 6 May, 2005.)
Glossary
  • Principal - the user on whose behalf code is executed. May have multiple roles.
  • Evidence - facts known about the code, e.g. digital signatures, the URL or site the code comes from, etc.
  • Permission - right to access a protected resource.