Customizing .NET Security Permissions - PowerPoint PPT Presentation

Title:

Customizing .NET Security Permissions

Provided by: olddominio
Learn more at: https://www.cs.odu.edu
Transcript and Presenter's Notes


1
Customizing .NET Security Permissions
  • Nageswari Vallabhaneni

2
Overview
  • Introduction
  • Kinds Of Permissions
  • Customizing different kinds of permissions
  • Based on roles
  • Type safe code and Unmanaged Code

3
Permission
  • Permissions are objects used by a flexible and
    extensible framework, instead of a fixed set of
    operations and resources to which access can be
    controlled.
  • Access code to restricted areas
  • Objects to control restrictions on managed
    code

4
Kinds of Permissions
  • Permission and permission set
  • XML representation of permissions
  • Code access permissions
  • Protect resources and operations
  • Identity permissions
  • Characteristics of an assembly's identity
  • Role-based permissions
  • Discover a user's role or identity
  • Custom permissions
  • Design and implement your own permissions

5
Managing Permissions Policies
  • Policy levels
  • Enterprise, machine, user, application domain

[Figure: Permission and permission set. Labels: enterprise, machine, user, appdomain, resulting permission set]
6
Individual Permissions with Default Permission Sets

Permission       Full Trust    Nothing    Local Intranet           Internet
Dns              Unrestricted  No Access  Unrestricted             No Access
Environment      Unrestricted  No Access  Read Username            No Access
EventLog         Unrestricted  No Access  Instrument               No Access
FileDialog       Unrestricted  No Access  Unrestricted             Open
IsolatedStorage  Unrestricted  No Access  AssemblyIsolationByUser  DomainIsolationByUser
Printing         Unrestricted  No Access  DefaultPrinting          SafePrinting
Reflection       Unrestricted  No Access  ReflectionEmit           No Access
Security         Unrestricted  No Access  Execution, Assertion     Execution
UI               Unrestricted  No Access  Unrestricted             SafeTopLevelWindows, OwnClipboard

7
Granting Permissions
  • The runtime grants permissions
  • To application domains and assemblies
  • Based on identity, requested permissions, and
    trust

[Figure labels: Runtime, Assembly, Loader, Host, Application domain, Evidence, Permission set, Traverse code groups for the relevant policy level]

8
Code Access Permissions 1/3
  • Protect Resources and operations
  • SecurityPermission class
  • SocketPermission class
  • WebPermission class
  • PrintingPermission class
  • User Interface Access
  • UIPermission class
  • Secure windows prevent spoofing
  • Prevent code from stealing from the clipboard

9
Code Access Permissions 2/3
  • Access and modify environment, registry, and
    metadata
  • EnvironmentPermission
  • RegistryPermission
  • ReflectionPermission
  • DnsPermission
  • EventLogPermission
  • ServiceControllerPermission
  • Protect files and directories
  • FileIOPermission
  • FileDialogPermission

10
Code Access Permissions 3/3
  • Protect Data
  • DirectoryServicesPermission
  • IsolatedStoragePermission
  • IsolatedStorageFilePermission
  • OleDbPermission
  • SqlClientPermission
  • MessageQueuePermission
  • PerformanceCounterPermission

11
Overriding Code Access Permissions
  • Override the outcome of the stack walk security
    check
  • Assert
      • Specify permissions that should not be checked
      • Security hole
  • Deny
      • Explicitly deny permissions
      • If one caller in call chain fails, all will fail
  • PermitOnly
      • Specify a certain resource that can be accessed

12
Identity Permissions
  • Identity of an assembly
  • The runtime grants identity permissions when the
    assembly is loaded based on the evidence that is
    provided.
  • And that evidence is provided by the loader or a
    trusted host and include items such as digital
    signature of the assembly or the website.

13
Classes Of Identity Permissions
  • Relevant classes
  • PublisherIdentityPermission
      • The software publisher's digital signature.
  • SiteIdentityPermission
      • The website where the code originated.
  • StrongNameIdentityPermission
      • The strong name of the assembly.
  • ZoneIdentityPermission
      • Zone where the code originated.
  • UrlIdentityPermission
      • URL where the code originated.

14
Role-based Permissions
  • Principals
  • A principal represents the identity and role
    of a user and acts on the user's behalf.
  • .NET Framework supports 3 kinds of principals
  • Generic: unauthenticated users and roles that are
    independent of Windows users and roles.
  • Windows: Windows users/accounts and roles.
  • Custom: principals defined by an application in
    any way that is needed for that particular
    application.
  • PrincipalPermission Class
  • Perform checks against active principal

15
Custom Permissions
  • System.Security.Permissions namespace
  • Consider overlap and redundancy thoroughly
  • Code access permissions
  • Design
  • Which resource is to be protected?
  • What is the granularity of access?
  • Implement
  • IPermission interface
  • Demand
  • Update the policy

16
Adding a custom permission to Security Policy
  • Add the assembly implementing the custom
    permission to the list of fully trusted
    assemblies.
  • Create an XML file that represents the type of
    permission you want to create and assign to
    assemblies.
  • Add the XML representation of the permission to
    the security policy by using the .NET Framework
    Configuration tool.
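
The implementation step from slides 15 and 16, as an added example that is not part of the original presentation: a minimal custom code access permission for .NET Framework. The class name ReportStorePermission and the resource it guards are hypothetical; the all-or-nothing state is an assumption chosen to keep the example short.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Hypothetical all-or-nothing permission for an application-defined report store.
[Serializable]
public sealed class ReportStorePermission : CodeAccessPermission, IUnrestrictedPermission
{
    private bool unrestricted;

    // Custom permissions are expected to offer a PermissionState constructor.
    public ReportStorePermission(PermissionState state) { unrestricted = state == PermissionState.Unrestricted; }
    public bool IsUnrestricted() { return unrestricted; }
    public override IPermission Copy() { return (IPermission)MemberwiseClone(); }

    private static bool Granted(IPermission p)
    {
        ReportStorePermission r = p as ReportStorePermission;
        if (p != null && r == null) throw new ArgumentException("Wrong permission type.");
        return r != null && r.unrestricted;
    }

    // Null means "empty": only two unrestricted grants intersect to a grant.
    public override IPermission Intersect(IPermission target)
    {
        return unrestricted && Granted(target) ? Copy() : null;
    }

    // The empty state is a subset of anything, including no permission at all.
    public override bool IsSubsetOf(IPermission target)
    {
        return !unrestricted || Granted(target);
    }

    // XML form that is stored in security policy.
    public override SecurityElement ToXml()
    {
        SecurityElement e = new SecurityElement("IPermission");
        e.AddAttribute("class", GetType().AssemblyQualifiedName);
        e.AddAttribute("version", "1");
        if (unrestricted) e.AddAttribute("Unrestricted", "true");
        return e;
    }

    public override void FromXml(SecurityElement e)
    {
        if (e == null) throw new ArgumentNullException("e");
        unrestricted = "true".Equals(e.Attribute("Unrestricted"), StringComparison.OrdinalIgnoreCase);
    }
}
```

A library method that protects the store would call `new ReportStorePermission(PermissionState.Unrestricted).Demand()` before touching it, and the element returned by `ToXml()` is the XML representation that the policy step refers to.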

17
Type Safe Code and Trust
  • No memory access to the neighbour's private
    fields
  • Isolated assemblies
  • Compiler checks if code is type-safe
  • Not all language compilers can generate type-safe
    code
  • JIT compiler verifies type-safety
  • If code is not type-safe, the code is not
    trustworthy
  • Code that is not type-safe may call unmanaged code
  • And perform malicious operations

18
Wrapping Unmanaged Code
  • Calling unmanaged code is risky
  • Direct calls into unmanaged code can bypass
    security
  • Use managed wrapper classes
  • Enforce security restrictions
  • Secure class libraries
  • Security demands
  • Check each call to resources exposed by the
    library
  • Code access security does not eliminate the
    possibility of human error in writing code
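
The wrapper pattern from this slide combined with the Assert override from slide 11, as an added example that is not part of the original presentation and targets .NET Framework code access security. The class name HostInfo and the choice of native call are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Text;

// Hypothetical library class: a managed wrapper around one native call.
public static class HostInfo
{
    // Private, so callers cannot reach the native entry point directly.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool GetComputerName(StringBuilder buffer, ref uint size);

    public static string GetName()
    {
        // 1. Demand: every caller on the stack must be allowed to read this value.
        new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME").Demand();

        // 2. Assert: stop the UnmanagedCode stack walk at this frame, so partially
        //    trusted callers that passed the demand above are not rejected.
        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
        try
        {
            uint size = 256;
            StringBuilder buffer = new StringBuilder((int)size);
            if (!GetComputerName(buffer, ref size))
                throw new InvalidOperationException(
                    "GetComputerName failed, error " + Marshal.GetLastWin32Error());
            return buffer.ToString();
        }
        finally
        {
            // 3. Keep the assertion as short-lived as possible.
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

Asserting without the preceding demand is the "security hole" case from slide 11: any caller could then reach unmanaged code through the wrapper.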

20
Questions ??