Docstoc

STUDY AND IMPLEMENTATION OF CODE ACCESS SECURITY WITH .NET FRAMEWORK FOR WINDOWS OPERATING SYSTEM

Document Sample
STUDY AND IMPLEMENTATION OF CODE ACCESS SECURITY WITH .NET FRAMEWORK FOR WINDOWS OPERATING SYSTEM Powered By Docstoc
					 International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
 INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING
 6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
                            & TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)
Volume 3, Issue 3, October - December (2012), pp. 426-434
                                                                          IJCET
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2012): 3.9580 (Calculated by GISI)             ©IAEME
www.jifactor.com




    STUDY AND IMPLEMENTATION OF CODE ACCESS SECURITY
   WITH .NET FRAMEWORK FOR WINDOWS OPERATING SYSTEM
                                      1
                                     Prof. S.A.Ubale
                                        Asst. Prof.
                            SKN Sinhgad College of Engineering,
                                 Korti, Pandharpur-India
                               Swapnaja_2283@yahoo.co.in
                                     2
                                      Dr. S.S. Apte
                                    HOD(CSE Dept)
                               WIT College of Engineering
                                      Solapur-India



ABSTRACT

 .NET has two kinds of security:
     1. Role Based Security
     2. Code Access Security
 The paper is only related wirh Code Access Security.The Common Language Runtime (CLR)
 allows code to perform only those operations that the code has permission to perform. So
 Code Access Security is the CLR's security system that enforces security policies by
 preventing unauthorized access to protected resources and operations. Using the Code Access
 Security, user can do the following:
     • Restrict what user code can do
     • Restrict which code can call user code
     • Identify code

 GENERAL TERM

 ACL based model for Operating system security

 KEYWORDS

 Code Access Security, permission, code groups declarative syntax, security



                                             426
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
1. INTRODUCTION
        Code access security is a mechanism that helps to limit the access code has to protected
resources and operations. In the .NET Framework, code access security performs the following
functions:
    • Defines permissions and permission sets that represent the right to access various system
        resources.
    • Enables administrators to configure security policy by associating sets of permissions with
        groups of code (code groups).
    • Enables code to request the permissions it requires in order to run, as well as the permissions
        that would be useful to have, and specifies which permissions the code must never have.
    • Grants permissions to each assembly that is loaded, based on the permissions requested by the
        code and on the operations permitted by security policy.
    • Enables code to demand that its callers have specific permissions.
    • Enables code to demand that its callers possess a digital signature, thus allowing only callers
        from a particular organization or site to call the protected code.
    • Enforces restrictions on code at run time by comparing the granted permissions of every
        caller on the call stack to the permissions that callers must have.

2. CODE ACCESS SECURITY ELEMENTS

        Code access security consists of the following elements:
    •   permissions
    •   permission sets
    •   code groups
    •   evidence
    •   policy

2.1 Permissions
        Permissions represent access to a protected resource or the ability to perform a protected
operation. The .NET Framework provides several permission classes, like FileIOPermission (when
working with files), UIPermission (permission to use a user interface), SecurityPermission (this is
needed to execute the code and can be even used to bypass security) .

2.2 Permission sets
        A permission set is a collection of permissions. User can put FileIOPermission and
UIPermission into user’s own permission set and call it "My_PermissionSet". A permission set can
include any number of permissions. FullTrust, LocalIntranet, Internet, Execution and Nothing are
some of the built in permission sets in .NET Framework. FullTrust has all the permissions in the
world, while Nothing has no permissions at all, not even the right to execute.

2.3 Code groups
        Code group is a logical grouping of code that has a specified condition for membership. Code
from website can belong to one code group, code containing a specific strong name can belong to
another code group and code from a specific assembly can belong to another code group. There are
built-in code groups like My_Computer_Zone, LocalIntranet_Zone, Internet_Zone etc. Like
permission sets, user can create code groups to meet user requirements based on the evidence
provided by .NET Framework. Site, Strong Name, Zone, URL are some of the types of evidence.

2.4 Policy
        Security policy is the configurable set of rules that the CLR follows when determining the
permissions to grant to code. There are four policy levels - Enterprise, Machine, User and Application
Domain, each operating independently from each other. Each level has its own code groups and
permission sets. The hierarchy is given below.[1]

                                                 427
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
                                                         October December
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME




                                        Figure 1 Policy Levels

3. QUICK EXAMPLE
         reate
       Create a new Windows application. Add two buttons to the existing form. User is going to
work with the file system, so add the System.IO namespace.using System.IO;




                                          Figure 2 Example

Write the following code:

private void btnWrite_click(object sender, System.EventArgs e)
{
                              StreamWriter("c:
   StreamWriter myFile = new StreamWriter("c:\\Security.txt");
   myFile.WriteLine("Trust No One");
   myFile.Close();
}

private void btnRead_click(object sender, System.EventArgs e)
{
                               Strea
   StreamReader myFile = new StreamReader("c:\\Security.txt");
   MessageBox.Show(myFile.ReadLine())
   myFile.Close()
}

                                                              mple
The version number should be intact all the time, for example to work. Make sure that user set the
version number to a fixed value, otherwise it will get incremented every time you compile the code.
                                                                  used
User going to sign this assembly with a strong name which is used as evidence to identify user code.
That's why user need to set the version number to a fixed value.
[assembly: AssemblyVersion("1.0.0.0")]
 This will write to a file named Security.txt in C: drive. Now run the code, it should create a file and
write the line, everything should be fine ... unless of course user don't have a C: drive. Now what user
is going to do is put assembly into a code group and set some permission. User should not delete the
Security.txt file yet.

                                                  428
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
4. .NET CONFIGURATION TOOL

       User can do this in two ways, from the .NET Configuration Tool or from the
command prompt using caspol.exe. First do this using the .NET Configuration Tool. Go to
Control Panel --> Administrative Tools --> Microsoft .NET Framework Configuration. User
can also type "mscorcfg.msc" at the .NET command prompt. [1]




                     ...
                               Figure 3 .NET configuration Tool

5. CREATING A NEW PERMISSION SET

        Expand the Runtime Security Policy node. User can see the security policy levels -
Enterprise, Machine and User. User is going to change the security settings in Machine
policy. First user is going to create own custom permission set. Right click the Permission
Sets node and choose New and name it MyPermissionSet.[2]




                               Figure 4 Creating permission set

In the next screen, user can add permissions to own permission set. In the left panel, user can
see all the permissions supported by the .NET Framework. Now get the properties of File IO
permission. Set the File Path to C:\ and check Read only, don't check others. So user didn't
give write permission, user only gave read permission. Please note that there is another option
saying "Grant assemblies unrestricted access to the file system." If this is selected, anything
can be done without any restrictions for that particular resource, in this case the file system.

                                              429
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME




                              Figure 5 Creating permission set

Now user has to add two more permissions - Security and UserInterface. Just add them and
remember to set the "Grant assemblies unrestricted access". Without the Security permission,
other user didn't have the right to execute main user code, and without the User Interface
permission, user won't be able to show a UI. If user is done adding these three permissions,
user can see there is a new permission set created, named MyPermissionSet.

6. CREATING A NEW CODE GROUP

       Now user will create a code group and set some conditions, so assembly will be a
member of that code group. Notice that in the code groups node, All_Code is the parent node.
Right Click the All_Code node and choose New. There is Create Code Group wizard name it
MyCodeGroup.[2]




                                  Figure 6 MyCodeGroup

In the next screen, user has to provide a condition type for the code group. For this example,
user is going to use the Strong Name condition type. First, sign assembly with a strong name
and build the project. Now press the Import button and select assembly. Public Key, Name
and Version will be extracted from the assembly, so user doesn’t have to worry about them.
Now move on to the next screen. User has to specify a permission set for our code group.
Since user has already created one - MyPermissionSet, select it from the list box.


                                             430
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME




                                 Figure 7 MyPermissionSet

7. EXCLUSIVE AND LEVELFINAL

        If user has not messed around with the default .NET configuration security settings,
user assembly already belongs to another built-in code group - My_Computer_Zone. When
permissions are calculated, if a particular assembly falls into more than one code group
within the same policy level, the final permissions for that assembly will be the union of all
the permissions in those code groups. Now user only need to run assembly only with user’s
permission set and that is MyPermissionSet associated with the MyCodeGroup. So user has
to set another property to do just that. Right click the newly created MyCodeGroup node and
select Properties. Check the check box saying "This policy level will only have the
permissions from the permission set associated with this code group." This is called the
Exclusive attribute. If this is checked then the run time will never grant more permissions
than the permissions associated with this code group. The other option is called LevelFinal.
These two properties come into action when calculating permissions.[5]




                                  Figure 8 MyCodeGroup

Now run the code. What user has done so far is, user has put code into a code group and
given permissions only to read from C: drive. Run the code and try both buttons. Read should
work fine, but when user press Write, an exception will be thrown because user didn't set
permission to write to C: drive. Below is the error message that user get.
                                             431
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME




                                     Figure 9 Error Message

So thanks to Code Access Security, this kind of restriction to a resource is possible. There's a
whole lot more that user can do with Code Access Security.
8. SECURITY NAMESPACE
        Security Namespace include different classes that are very helpful for implementing
security.
Following table shows the main classes in System.Security namespace:
                       Table1 Classes in System.Security namespace
Classes                                      Description
                                             Defines the underlying structure of all code access
CodeAccessPermission
                                             permissions.
                                             Represents a collection that can contain many different
PermissionSet
                                             types of permissions.
                                             The exception that is thrown when a security error is
SecurityException
                                             detected.

Following are the main classes in System.Security.Permissions namespace:
                Table2 classes in System.Security.Permissions namespace:
Classes                                     Description
                                            Controls access to system and user environment
EnvironmentPermission
                                            variables.
                                            Controls the ability to access files or folders through a
FileDialogPermission
                                            file dialog.
FileIOPermission                            Controls the ability to access files and folders.
                                            Specifies the allowed usage of a private virtual file
IsolatedStorageFilePermission
                                            system.
                                            Represents access       to    generic    isolated    storage
IsolatedStoragePermission
                                            capabilities.
                                            Controls   access    to       metadata      through      the
ReflectionPermission
                                            System.Reflection APIs.
RegistryPermission                          Controls the ability to access registry variables.
SecurityPermission                          Describes a set of security permissions applied to code.
                                            Controls the permissions related to user interfaces and
UIPermission
                                            the clipboard.


User can find more permission classes in other namespaces. For example, SocketPermission
and    WebPermission        in     System.Net      namespace,       SqlClientPermission in
System.Data.SqlClient namespace, PerformanceCounterPermission in System.Diagnostics
namespace etc. All these classes represent a protected resource.[2]
                                              432
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
9. DECLARATIVE Vs IMPERATIVE

           User can use two different kinds of syntax when coding as declarative and imperative.

9.1 Declarative syntax
        Declarative syntax uses attributes to mark the method, class or the assembly with the
necessary security information. So when compiled, these are placed in the metadata section of the
assembly.

[FileIOPermission(SecurityAction.Demand, Unrestricted=true)]
public calss MyClass
{
  public MyClass() {...} // all these methods

    public void MyMethod_A() {...} // demands unrestricted access to

    public void MyMethod_B() {...} // the file system

}

9.2 Imperative syntax
       Imperative syntax uses runtime method calls to create new instances of security classes.

public calss MyClass
{
  public MyClass() { }

    public void Method_A()
    {
      // Do Something


        FileIOPermission myPerm =
          new FileIOPermission(PermissionState.Unrestricted);
        myPerm.Demand();
        // rest of the code won't get executed if this failed


        // Do Something

    }

    // No demands

    public void Method_B()
    {
      // Do Something

    }
}

The main difference between these two is, declarative calls are evaluated at compile time while
imperative calls are evaluated at runtime.[1],[2]

                                                   433
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 –
6367(Print), ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME
10. CODE ACCESS SECURITY POLICY TOOL - caspol.exe

         The Code Access Security Policy tool enables users and administrators to modify
security policy for the machine policy level, the user policy level and the enterprise policy
level. In the following example it shows the output when user runs "caspol -list groups", this
will list the code groups that belong to the default policy level - Machine level.[2]




                                    Figure 16 caspol.exe

Note that label "1." is for All Code node because it is the parent node. It's child nodes are
labeled as "1.x", and their child nodes are labeled as "1.x.x".
    • caspol -listgroups - Displays the code groups
    • caspol -machine -addgroup 1. -zone Internet Execution - Adds a child code group to
       the root of the machine policy code group hierarchy. The new code group is a member
       of the Internet zone and is associated with the Execution permission set.
    • caspol -user -chggroup 1.2. Execution - Changes the permission set in the user policy
       of the code group labeled 1.2. to the Execution permission set.
    • caspol -security on - Turns code access security on.
    • caspol -security off - Turns code access security off.

11. REFERENCES

   [1] Francis Solomom 2004 Borcon Introduction to Code Access Security in .NET
   Framework
   [2] Tony Northhup Training Kit for .NET Framework
   [3] Jan Smans Static Verification of Code Access Security Policy, Compliance of .NET
   Applications
   [4] Kholidy,H.A.; Dept. of Comput. Sci., Pisa Univ., Pisa, Italy 2010 , A study for
   access control flow analysis with a proposed job analyzer component based on stack
   inspection methodology , IEEE Xplore Digital Library
   [5] Lipner,S.B.; Microsoft Corp., Redmond, WA, 2000, “Security and source code
   access: issues and realities”, Security and Privacy, 2000 Proceedings. IEEE Symposium




                                             434

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:9
posted:12/29/2012
language:
pages:9