.NET Security

  • Thread starter Thread starter RobertJGabourie
  • Start date Start date
R

RobertJGabourie

I work in a small company whose entire focus is security.
We have even authored one of the DOD Rainbow books. I am
a programmer, with just over 2 years experience, trying to
learn all that I can about the .NET framework, and have
read several books on both C# and the framework.

The problem I am running into is that all the books spoon
feed me that .NET is a secure framework to program in,
without ever giving me any real low level details as to
why. Most of these books rely on the ideal of how the
framework should operate and the fact that no serious
vulnerabilities have been found.

In the security world, the fact that no serious
vulnerabilities have been found is not comforting. So
what I am trying to find is documentation about how the
JIT works. From here I can start to analyze the security
of the frame work and justify to my boss that Microsoft's
claim that there are no plausible ways to overrun managed
types and run into stack and heap overflows, which plagued
earlier programming languages.

If any one can direct me to some one I can talk to, or a
document I can read that will answer my questions about
the JIT, I would greatly appreciate it.
 
the security feature lies in the fact that unlike x86 exes which can run
directly when you double click them, .Net code is MSIL and has to go through
the framework to be JITed to native code and framework executes the MSIL
only after checking for suitable permissions and access levels set for the
assembly, so IT IS safe

--
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Gurudev
Software Engineer, NetKraft,
Bangalore, India.
e-me: (e-mail address removed)
____________________________________________
 
Robert,

Have you tried ".Net Framework Security" by Brian A.LaMaccia et. al.
Addison Wesley publisher ISBN: 5206332184

I don't think it goes into the JIT as far as you need, but it covers a
lot of other security issues and was written by the people who wrote
the .Net Framework Security itself.
 
I agree in theory it is safe, but the safety comes through
both execution and design. I do not dispute that the
design is safe, but I wish to examine the execution and
verify that no mistakes were made there.

Just like JAVA which when it was released was supposed to
be a completely safe system of operation, but after time
several vulnerabilities started showing up.

There is no such thing as a perfectly safe computer system
or architecture, some one will break it. The question is
not how safe it is, but rather how unsafe it is, and what
needs to be done to mitigate it. Time has shown us this.

The fact that no serious vulnerabilities have not shown up
is a sign that no one has had reason to break it yet, and
so it is a waiting game. I am only trying to get ahead of
that game so I can write a paper of significance, which
both my boss and the security world at large will accept.



-----Original Message-----
the security feature lies in the fact that unlike x86 exes
which can run directly when you double click them, .Net
code is MSIL and has to go through the framework to be
JITed to native code and framework executes the MSIL only
after checking for suitable permissions and access levels
set for the assembly, so IT IS safe

--
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Gurudev
Software Engineer, NetKraft,
Bangalore, India.
e-me: (e-mail address removed)
____________________________________________

I work in a small company whose entire focus is security.
We have even authored one of the DOD Rainbow books. I am
a programmer, with just over 2 years experience, trying to
learn all that I can about the .NET framework, and have
read several books on both C# and the framework.

The problem I am running into is that all the books spoon
feed me that .NET is a secure framework to program in,
without ever giving me any real low level details as to
why. Most of these books rely on the ideal of how the
framework should operate and the fact that no serious
vulnerabilities have been found.

In the security world, the fact that no serious
vulnerabilities have been found is not comforting. So
what I am trying to find is documentation about how the
JIT works. From here I can start to analyze the security
of the frame work and justify to my boss that Microsoft's
claim that there are no plausible ways to overrun managed
types and run into stack and heap overflows, which plagued
earlier programming languages.

If any one can direct me to some one I can talk to, or a
document I can read that will answer my questions about
the JIT, I would greatly appreciate it.
 
Thank you for the heads up, even though this is not
exactly what I am looking for, reading up on the book,
shows it might be a good book for my collection and has
pointed me to a couple of other places to look.
-----Original Message-----
Robert,

Have you tried ".Net Framework Security" by Brian
A.LaMaccia et. al. Addison Wesley publisher ISBN:
5206332184

I don't think it goes into the JIT as far as you need, but
it covers a lot of other security issues and was written
by the people who wrote the .Net Framework Security itself.
 
"Writing secure code" by Mark Howard has a chapter on .NET security. The
main focus though is that, because memory is managed, you can't
inadvertantly cause buffer overruns without calling into unmanged code. As
you say though, that doesn't guarantee a mistake has been made in the
implementation of the framework.

That particular book also points out that code can only be secure if it's
robust. If every failure puts the application in a vulnerable state, the CLR
managing your memory isn't going to help you much...

Steve.
 
RobertJGabourie said:
The problem I am running into is that all the books spoon
feed me that .NET is a secure framework to program in,
without ever giving me any real low level details as to
why. Most of these books rely on the ideal of how the
framework should operate and the fact that no serious
vulnerabilities have been found.
Click to expand...

I recommend that you take a look at ".NET Framework Security", Addison
Wesley (ISBN 0-672-32184-X).

This book explains all of the details of security, and I think it will
answer your questions, so I won't really go into great details here
In the security world, the fact that no serious
vulnerabilities have been found is not comforting.
Click to expand...

with managed C++ and interior pointers I can kill the execution engine.
However, I have to be an administrator to do this, and the assembly has to
be on my machine. Try this:

// Don't do this!
__gc class BadInteriorPointers
{
__int64 x;
__int64 y;
String* s;
public:
BadInteriorPointers()
{ x=1; y=2; s=S"Test"; }
void KillMe()
{
Dump(); // Initial values
__int64 __gc * p = &x;
*p = 3;
Dump(); // Changed x
p++;
*p = 4;
Dump(); // Changed y
p++;
*p = 5;
Dump(); // Oops!, Changed s
}
void Dump()
{
Console::WriteLine(S"{0} {1} {2}", __box(x), __box(y), s);
}
};

Does that make you feel a bit more reassured that the .NET runtime can be
corrupted?
So
what I am trying to find is documentation about how the
JIT works. From here I can start to analyze the security
of the frame work and justify to my boss that Microsoft's
claim that there are no plausible ways to overrun managed
types and run into stack and heap overflows, which plagued
earlier programming languages.
Click to expand...


The best thing to do is have a look at Rotor, the open CLI that you can
download from Microsoft. This has a version of the runtime in source code
form. Although its not the version that is released for Win32, its close to
the release version (at least, the framework classes appear to be the same,
when I compare them with the classes I have decompiled from the framework).
If any one can direct me to some one I can talk to, or a
document I can read that will answer my questions about
the JIT, I would greatly appreciate it.
Click to expand...

Richard
 
Back
Top