CS795/895: Introduction

1
CS795/895 Introduction
2
Topics

• Distributed Systems
• Availability
• Performance
• Web Services
• Security
• Authentication
• Authorization
• Confidentiality

3
Distributed Systems

• Geographically Distributed
• Replication is the primary means to provide high
  availability and performance
• Replication/failure transparency are desired by
  distributed applications
• Protocols to communicate between distant
  processes are important SOAP

4
Web Services

• Service offered over the web
• It facilitates request-reply paradigm using
  message exchange
• Uses
• HTTP (Hypertext Transport Protocol)
• SOAP (Simple Object Access Protocol)
• UDDI (Universal Description, Discovery and
  Integration)
• WS-POLICY (Web Services Policy)

5
.Net Framework

• Write the source code (e.g., using C)
• Compile using a C Compiler (csc.exe).
• The compiler converts the source code into an
  Intermediate Language, much like bytecode in
  Java. This is managed code (exe or DLL) .
• The compiled file unit is executed using the C
  Interpreter. Upon execution, the code is checked
  for type safety. Moreover, the Just In Time (JIT)
  compiler compiles the unit into Managed Native
  Code and finally Common Language Runtime (CLR)
  produces the final output.

6
CLR Common Language Runtime

• Runtime environment of .Net Framework--- manages
  execution of code and provides different services
• CLR contains CTS (common type system), CLS (a
  subset of CTS to be supported by all .Net
  languages), CIL (Common intermediate language),
  JIT compiler (converts to MSIL (in assemblies) to
  executable native code)
• Managed code IL codes along with metadata files
  .exe or dll

7
Common Type System (CTS)

• Supports OOL like Java as well as procedural
  languages like C
• Objects and values (atomic types like integers
  and chars)
• CTS is a superset of CLS --- Not all .Net
  applications support all types in CTS

8
Miscellaneous

• JIT --- Just in time compiler This is used to
  convert the intermediate language contained in
  assemblies (executables) into native executable
  code.
• The security policy settings are referred at this
  stage to decide if code is being compiled needs
  to be type safe.
• Managed code vs. unmanaged code This is the
  Intermediate Language code (IL) along with
  metadata contained in portable executables (.EXE
  or .DLL). This needs JIT compiler to convert it
  into native executable code.
• Unmanaged code is a precompiled executable that
  dont need JIT---but it has the disadvantage of
  being not portable across different OS platforms.
  They could also be unsafe.
• CLR provides services to the managed code---(i)
  The language compiler emits metadata that
  describes the types, members, and references in
  the code. (ii) Cross language integration
• Application domains---lightweight processesAn
  extension of Javas sandbox security and Thread
  model. Multiple application domains run in a
  single Win32 process but they are isolated. Each
  domain can have its own configuration of security
  features specified.

9
Miscellaneous

• Assemblies A functional unit of sharing and
  reuse in CLR. It is equivalent to JAR files of
  java.
• It is like a logical .exe or .dll it can be an
  application (with a main point of entry) or a
  library.
• Consists of one or more files (dlls, exes, html
  files, etc.) and represents a group of resources,
  type definitions, and implementation of those
  types.
• An assembly may contain references to other
  assemblies---described in manifest---a
  self-describing assembly

10
C (C Sharp)

• Improved version of C and Java
• It is type-safe
• In .Net use Projects/Windows application C to
  create and run C programs.
• using System
• namespace Helloworld
• /// ltsummarygt
• /// Summary description for Class1.
• /// lt/summarygt
• class Class1
• /// ltsummarygt
• /// The main entry point for the application.
• /// lt/summarygt
• static void Main(string args)
• Console.Write("What is your name? ")

11
ADO.Net

• Provides data access tools for web applications
• Seamless interoperability with XML
• Uses objects such as Connection, Command,
  DataSets, DataReaders, DataSetCommands
• Use SQLConnection for MSQL server and
  ADOConnection via OLEDB provider

12
using System using System.Data.SqlClient class
seePubs static void Main () SqlConnection
conn new SqlConnection ("servernebula.cs.od
u.edudatabasepubsUser

IDcwildpasswordwildcs2004") try
conn.Open () SqlCommand cmd new
SqlCommand ("select from titles",
conn) SqlDataReader reader
cmd.ExecuteReader () while (reader.Read
()) Console.WriteLine (reader"title")
catch (SqlException ex) Console.WriteLine
(ex.Message) finally conn.Close
()
13
.Net Security Topics

• Threat models
• Storing secrets
• Securing Database access
• ASP.Net security framework
• .Net Cryptography
• Windows authentication
• .Net Passport
• Forms authentication
• Implementing Authorization
• Code access security
• Web services security
• Impersonation