Lecture 12: Eliminating security risks at the source: using Microsoft .NET to protect data and application security

Source: Internet
Author: User
Tags: how to avoid SQL injection, SqlClient, asymmetric encryption

2005.3.22, Ou Yanliang

Course Introduction

How to apply the features of the .NET Framework to protect code and data security

 

Basic Content

Familiarity with .NET development

 

Course Arrangement

Authentication

Authorization

Encryption

Strongly-named assembly

Code access security

Middle Layer Security

How to Avoid SQL Injection

 

Authentication

Use credentials to uniquely identify a user.

You can use Windows integrated authentication, reusing the credentials the user established when logging on to Windows,

or write your own authentication, in which the application stores and checks the user credentials itself.

System.Security.Principal.IIdentity interface and System.Security.Principal.GenericIdentity class

System.Security.Principal.WindowsIdentity.GetCurrent().Name returns the name of the Windows account the current thread runs under.

 

Demonstration 1

Authentication

The stored password here is the MD5 hash of 1234 (a hash, not a reversible encryption). The NorthwindCredentials constructor takes the user name and the user's three roles. A second user, fred, has only the Sales role. Note that an unsalted MD5 of a short password offers little protection today: it is reversed by a precomputed lookup in seconds, so a real application should store a salted, iterated hash (PBKDF2 or similar).

The NorthwindCredentials class is as follows.

Constructor

identity is the user's IIdentity and roles is the user's role array.

Logon form

If logon verification succeeds, the logon form sets Thread.CurrentPrincipal of the current execution thread to the creds object returned by the web service, so that all later role checks apply to this user.
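The logon flow described in this demonstration, written out as an added example (it is not the lecture's code, which is not reproduced on this page). NorthwindLogonService, its in-memory user table and the user names alice and fred are assumptions standing in for the demo's web service; the stored passwords use salted PBKDF2-SHA256 in place of the demo's unsalted MD5, and the demo's NorthwindCredentials class is modelled as a GenericPrincipal subclass.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;

// Principal modelled on the demo's NorthwindCredentials: an identity plus the roles the
// server granted. GenericPrincipal.IsInRole answers later role checks from this array.
public class NorthwindCredentials : GenericPrincipal
{
    public NorthwindCredentials(string userName, string[] roles)
        : base(new GenericIdentity(userName, "Northwind"), roles) { }
}

// Hypothetical stand-in for the web service the demo calls (the lecture does not show it).
public static class NorthwindLogonService
{
    private const int Iterations = 100000;
    private const int SaltSize = 16;
    private const int HashSize = 32;

    private class UserRecord
    {
        public byte[] Salt;
        public byte[] Hash;
        public string[] Roles;
    }

    // Constructed sample user store. Passwords are kept as salted, iterated PBKDF2-SHA256
    // hashes (Rfc2898DeriveBytes) rather than the unsalted MD5 of "1234" used in the demo,
    // so a leaked table cannot be reversed with a lookup table.
    private static readonly Dictionary<string, UserRecord> Users = new Dictionary<string, UserRecord>
    {
        { "alice", Register("1234", new[] { "Manager", "Sales", "Admin" }) },
        { "fred",  Register("1234", new[] { "Sales" }) },
    };

    private static UserRecord Register(string password, string[] roles)
    {
        byte[] salt = new byte[SaltSize];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return new UserRecord { Salt = salt, Hash = Derive(password, salt), Roles = roles };
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }

    // Returns the caller's credentials on success and null on failure. The hash comparison
    // is constant-time so response timing does not reveal how many bytes matched.
    public static NorthwindCredentials Logon(string userName, string password)
    {
        UserRecord rec;
        if (!Users.TryGetValue(userName, out rec))
            return null;
        byte[] candidate = Derive(password, rec.Salt);
        int diff = 0;
        for (int i = 0; i < candidate.Length; i++)
            diff |= candidate[i] ^ rec.Hash[i];
        return diff == 0 ? new NorthwindCredentials(userName, rec.Roles) : null;
    }
}

public static class LogonForm
{
    // Mirrors the demo's logon form: on success the returned principal becomes the current
    // principal of the executing thread, which is what PrincipalPermission checks consult.
    public static bool TryLogon(string userName, string password)
    {
        NorthwindCredentials creds = NorthwindLogonService.Logon(userName, password);
        if (creds == null)
            return false;
        Thread.CurrentPrincipal = creds;
        return true;
    }

    public static void Main()
    {
        Console.WriteLine("fred/wrong:   " + TryLogon("fred", "wrong"));
        Console.WriteLine("fred/1234:    " + TryLogon("fred", "1234"));
        IPrincipal p = Thread.CurrentPrincipal;
        Console.WriteLine("user:         " + p.Identity.Name);
        Console.WriteLine("Sales role:   " + p.IsInRole("Sales"));
        Console.WriteLine("Manager role: " + p.IsInRole("Manager"));
    }
}
```

Thread.CurrentPrincipal is per thread. In ASP.NET use HttpContext.User instead, and in code that hands work to the thread pool make sure the principal is carried across, or the role checks on the worker thread will see an anonymous user.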

 

Authorization

Use Role-based security

Role-based authorization can be implemented in code, either declaratively with attributes or imperatively with explicit checks.

Roles represent responsibilities in a business process, such as secretary, manager, administrator and director.

Managing users through roles is easier than granting rights to each user individually.

 

How to Use Role-based security

PrincipalPermissionAttribute with SecurityAction.Demand

Placing PrincipalPermission on a class or method declares that callers must pass a principal check. Authenticated = true requires an authenticated user, and Role names the role the user must hold. At run time .NET inspects Thread.CurrentPrincipal of the executing thread and throws a SecurityException if the principal does not satisfy the demand.

IPrincipal.IsInRole()

Determines whether the current user holds a given role. In ASP.NET, Context.User is the principal of the user making the current request. In the demo, the roles of the current user decide which interface elements are enabled or visible.

 

Demonstration 2

Authorization

SecurityAction.Demand states what the caller must have, and Role = Manager states that the caller must hold the Manager role. Here Manager is a string constant.

If the caller does not hold the required role, a SecurityException is thrown when the class is accessed.

This method has a drawback: if we want a database to decide which roles may access what, the attribute cannot be used, because an attribute argument must be a compile-time constant, so the role name has to be hard-coded.

So .NET provides another method.

In the constructor we can instantiate a PrincipalPermission, passing the role name as a string, and call Demand(); different classes can demand different roles. If the frmProducts class is never used, nothing is demanded; the moment it is, the constructor's demand must pass before any method of the class is reachable.

For a better user experience we also make interface elements visible or invisible according to the user's roles, but that is cosmetic: the Demand in the constructor is the control that actually denies access.
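The two authorization styles discussed above (the declarative PrincipalPermission attribute with a constant role, and the imperative Demand in a constructor with a role that can come from a data store), as an added example that is not the lecture's own code. RolePolicy and its table, the form and role names and the Admin-only Delete button are assumptions. The attribute form sits under #if NETFRAMEWORK because the .NET Core / .NET 5+ compiler rejects PrincipalPermissionAttribute, whereas PrincipalPermission.Demand() still works there (with the System.Security.Permissions package).

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class Roles
{
    public const string Manager = "Manager";
}

#if NETFRAMEWORK
// Declarative form from the demo: the role has to be a compile-time constant, so it cannot
// come from a database. Enforced by the .NET Framework runtime only; on .NET Framework,
// constructing ManagerReport as a user outside the Manager role throws SecurityException.
[PrincipalPermission(SecurityAction.Demand, Role = Roles.Manager)]
#endif
public class ManagerReport
{
    public string Build() { return "quarterly figures"; }
}

// Hypothetical policy table standing in for the database the lecture mentions: which role
// each form requires. Constructed sample data; a real system would load this at start-up.
public static class RolePolicy
{
    private static readonly Dictionary<string, string> RequiredRole = new Dictionary<string, string>
    {
        { "frmProducts", "Manager" },
        { "frmOrders",   "Sales" },
    };

    public static string RoleFor(string formName)
    {
        return RequiredRole[formName];
    }
}

// Imperative form: the demand runs in the constructor, so no instance (and hence no method)
// of the form exists unless Thread.CurrentPrincipal holds the role the policy names.
public class ProductsForm
{
    public bool DeleteButtonVisible { get; private set; }

    public ProductsForm()
    {
        // name == null means any authenticated user, provided they are in the role.
        new PrincipalPermission(null, RolePolicy.RoleFor("frmProducts")).Demand();

        // Cosmetic only: hide controls the user cannot use. The Demand above is the real
        // control; an invisible button is not an authorization check.
        DeleteButtonVisible = Thread.CurrentPrincipal.IsInRole("Admin");
    }
}

public static class Program
{
    // Set the thread principal the way the logon form does, then try to open the form.
    public static bool TryOpenProducts(string user, string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user, "Northwind"), roles);
        try
        {
            ProductsForm form = new ProductsForm();
            Console.WriteLine(user + ": opened, Delete visible = " + form.DeleteButtonVisible);
            return true;
        }
        catch (SecurityException ex)
        {
            Console.WriteLine(user + ": refused (" + ex.GetType().Name + ")");
            return false;
        }
    }

    public static void Main()
    {
        TryOpenProducts("alice", new[] { "Manager", "Sales", "Admin" });
        TryOpenProducts("fred", new[] { "Sales" });
    }
}
```

Because the role name reaches Demand() as an ordinary string, RoleFor can be backed by a database query instead of the constant the attribute form requires, which is exactly the limitation the lecture describes.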

 

Encryption

Encryption scrambles the bytes of a message so that only the holder of the right key can recover them.

Symmetric and asymmetric encryption

Symmetric encryption uses the same key for encryption and decryption.

Asymmetric encryption uses a key pair: the encryption and decryption keys differ (public key/private key pair).

Asymmetric algorithms solve the key-distribution problem, since the public key can be handed out freely.

Symmetric algorithms are far more efficient, so in practice data is encrypted symmetrically and only the symmetric key is protected asymmetrically.

System.Security.Cryptography namespace

How to manage keys

 

Demonstration 3

Encryption

To encrypt the byte sequence the demo uses a built-in .NET algorithm class, DESCryptoServiceProvider. Note that DES has a 56-bit key and has been breakable by brute force since the late 1990s; today use Aes (Aes.Create() or AesCryptoServiceProvider) with a 128- or 256-bit key and a fresh random IV for every message.

Decryption method

CryptoStream is a wrapper around a MemoryStream: when we write to cs, the decrypted data is written through into the MemoryStream.

The encrypted data is then Base64-encoded. Raw binary cannot be transmitted directly in the usual transport, which is XML, because arbitrary bytes cannot be written into an XML document; a Base64 string can be stored in an XML file. After the XML data file reaches the other party, they reverse the steps: convert the Base64 string back to bytes, then decrypt.

Running result

In our configuration file we can store the connection string encrypted and decrypt it when it is used, which improves program security.

The connection string is decrypted with the same key, "NorthwindKey".

However, we had better not put the key and the decryption algorithm in the program, because decompilation reveals the encryption scheme. Security can be improved by keeping the key in the registry, in a hardware dongle, or in another program. Since .NET 2.0 two built-in options cover exactly this case: ProtectedData (DPAPI) encrypts a secret under a key derived from the Windows user or machine account, and protected configuration sections (aspnet_regiis -pe) let ASP.NET encrypt connectionStrings in web.config with no key material in the application at all.
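A replacement for the demo's DES routine, as an added example rather than the lecture's code: AES-CBC with a random IV and an HMAC-SHA256 tag, Base64-encoded for storage in XML or a configuration file. The connection string and the keys are constructed for the demo; the "NorthwindKey" string of the original is deliberately not used as a key, since a password-like string compiled into the program is exactly what decompilation exposes.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// AES-256-CBC, fresh random IV per message, then HMAC-SHA256 over IV + ciphertext
// (encrypt-then-MAC). Output layout before Base64: IV (16) | ciphertext | tag (32).
public static class ConnectionStringProtector
{
    private const int IvSize = 16;
    private const int TagSize = 32;

    public static string Protect(string plaintext, byte[] encKey, byte[] macKey)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            aes.GenerateIV();
            byte[] cipher;
            using (var ms = new MemoryStream())
            {
                // CryptoStream wraps the MemoryStream: bytes written here land in ms encrypted.
                using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    byte[] pt = Encoding.UTF8.GetBytes(plaintext);
                    cs.Write(pt, 0, pt.Length);
                }
                cipher = ms.ToArray();
            }
            byte[] body = Concat(aes.IV, cipher);
            byte[] tag;
            using (var mac = new HMACSHA256(macKey)) tag = mac.ComputeHash(body);
            return Convert.ToBase64String(Concat(body, tag));
        }
    }

    public static string Unprotect(string base64, byte[] encKey, byte[] macKey)
    {
        byte[] blob = Convert.FromBase64String(base64);
        if (blob.Length < IvSize + TagSize)
            throw new CryptographicException("protected value is too short");
        byte[] body = new byte[blob.Length - TagSize];
        byte[] tag = new byte[TagSize];
        Buffer.BlockCopy(blob, 0, body, 0, body.Length);
        Buffer.BlockCopy(blob, body.Length, tag, 0, TagSize);

        // Check the tag before touching the ciphertext: tampered data and wrong keys are
        // rejected here, so no padding-oracle style error ever reaches the caller.
        byte[] expected;
        using (var mac = new HMACSHA256(macKey)) expected = mac.ComputeHash(body);
        if (!FixedTimeEquals(expected, tag))
            throw new CryptographicException("authentication failed: tampered data or wrong key");

        byte[] iv = new byte[IvSize];
        byte[] cipher = new byte[body.Length - IvSize];
        Buffer.BlockCopy(body, 0, iv, 0, IvSize);
        Buffer.BlockCopy(body, IvSize, cipher, 0, cipher.Length);
        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey; aes.IV = iv; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            using (var ms = new MemoryStream())
            {
                using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
                    cs.Write(cipher, 0, cipher.Length);
                return Encoding.UTF8.GetString(ms.ToArray());
            }
        }
    }

    private static byte[] Concat(byte[] a, byte[] b)
    {
        byte[] r = new byte[a.Length + b.Length];
        Buffer.BlockCopy(a, 0, r, 0, a.Length);
        Buffer.BlockCopy(b, 0, r, a.Length, b.Length);
        return r;
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Keys are generated here only for the demo. In production they come from outside the
        // binary (DPAPI-protected store, HSM or a protected configuration section), never from
        // a string constant such as "NorthwindKey" compiled into the program.
        byte[] encKey = new byte[32], macKey = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(encKey); rng.GetBytes(macKey); }

        string conn = "Server=db01;Database=Northwind;User ID=app;Password=s3cret"; // constructed sample
        string protectedValue = Protect(conn, encKey, macKey);
        Console.WriteLine(protectedValue);
        Console.WriteLine(Unprotect(protectedValue, encKey, macKey) == conn ? "round-trip ok" : "mismatch");

        // Flip one ciphertext byte: the MAC check rejects it before decryption is attempted.
        byte[] tampered = Convert.FromBase64String(protectedValue);
        tampered[IvSize] ^= 0x01;
        try { Unprotect(Convert.ToBase64String(tampered), encKey, macKey); }
        catch (CryptographicException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

The Base64 string is what goes into the configuration file, exactly as the lecture describes for the DES output; the difference is that a modified or re-keyed value now fails loudly at the tag check instead of decrypting to garbage.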

 

Code Access Security

Policy of least privilege

Grant code only the minimum permissions it needs to do its job.

Code groups: code grouped by logical classification

Code groups can be defined by evidence such as URL, strong name, zone and so on.

Permission sets: a named set that defines the resources code may access, for example file I/O, isolated storage and SQL client.

Link demands

Everything in this section describes the CAS policy of .NET Framework 1.x/2.0: policy-based CAS was deprecated in .NET Framework 4 and does not exist in .NET Core, so treat it as historical background rather than a control to build on today.

 

Demonstration 4

Code access security

With this code we make sure the application runs only when it has been granted the permissions it needs: the assembly declares them, and the .NET Framework configuration on the current Windows machine decides whether to grant them. For example, WebPermission states that the code needs to reach the web, and IsolatedStorageFilePermission states that it needs isolated storage.

The refused set (SecurityAction.RequestRefuse) lists permissions the assembly never wants, even if policy would grant them.

In a command prompt in the project directory, permview shows the permissions the application's assembly requests.

Permissions can also be assigned to a code group in the .NET Framework Configuration tool by attaching a permission set to it.

 

Strongly-named application assembly

Use sn.exe to create a strong-name public/private key pair and store it in a file:

sn.exe -k Northwind.snk

sn stands for strong name; -k followed by a file name generates a public/private key pair. When the assembly is compiled, the signing step hashes the assembly, signs the hash with the private key, and stores the resulting signature together with the public key in the assembly manifest. When the assembly is loaded, the runtime reads the public key from the manifest and verifies that the signature matches the assembly's contents.

AssemblyKeyFileAttribute

The path of the key file can be given in AssemblyInfo.

Advantages

The assembly can be installed in the GAC.

Side-by-side deployment: several versions of the same assembly can coexist.

Client code compiled against a strongly-named assembly records that assembly's name, version and public key token, so at run time the loader binds only to an assembly signed with the matching key. This effectively prevents a substituted "Trojan" assembly from being loaded: others can decompile or modify our code, but they cannot re-sign it without our private key. If a referenced dll has no strong name, no such check takes place. One caveat: strong names identify the publisher's key but are not a security boundary. Since .NET Framework 3.5 SP1 the signature is not verified for assemblies loaded into full trust, and Microsoft's guidance is not to rely on strong names for security.

 

Delayed Signing

The private key must stay secret, even when many groups in the organisation need to build assemblies under the same strong name.

If the development team is large and we want every member to be able to build strongly-named projects, we would have to hand each of them the key file, which is the same as handing out the private key. That is dangerous, since we cannot vouch for every developer, so we use the following method instead.

Export the public key only

All programmers compile against an .snk that contains only the public key, and add the attribute AssemblyDelaySign(true); the build then reserves space for the signature in the dll but does not compute one, since the private key is not available.

sn -Vr <assemblyname>: register the assembly for verification skipping on the development machine, so that the delay-signed assembly, which carries only the public key, can be loaded without a valid signature.

sn -R <assemblyname> <keyfilename>: re-sign the assembly with the private key before release.

Every assembly is fully signed before it ships.

 

Link Demands

A link demand is checked when external code links to our assembly, that is, when a call into it is JIT-compiled; it is evaluated once against the immediate caller, not on every call.

System.Security.Permissions namespace

For example, the StrongNameIdentityPermission attribute

Extract the public key from an assembly as a hexadecimal string:

sn -Tp NorthwindModel.dll

For example, this attribute (shown in the demo) requires any assembly that loads ours to be signed with this public key; an assembly not signed with the corresponding private key is not allowed to link to ours.

sn -T shows only the public key token of a strongly-named assembly; sn -Tp shows the full public key as well.

The full public key hex string goes in the PublicKey property of the attribute.
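The declarative pieces from Demonstration 4, the delayed-signing attributes above and the strong-name link demand from this section, collected in one added example (not the lecture's code). NorthwindPublic.snk, the permission values and NorthwindPublicKeyHex are placeholders: the real key hex comes from sn -Tp and is not shown on this page. The attributes sit under #if NETFRAMEWORK because CAS requests and link demands are enforced only by the .NET Framework; the StrongNameInfo helper, which prints a loaded assembly's public key and token in the same hex form sn uses, runs anywhere.

```csharp
using System;
using System.Reflection;
using System.Security.Permissions;
using System.Text;

#if NETFRAMEWORK
// Delay signing (AssemblyInfo.cs): developers compile against the public-key-only .snk;
// the real signature is applied later with "sn -R". In SDK-style projects the same settings
// are the <AssemblyOriginatorKeyFile>, <DelaySign> and <SignAssembly> MSBuild properties.
[assembly: AssemblyKeyFile("NorthwindPublic.snk")]
[assembly: AssemblyDelaySign(true)]

// Assembly-level permission requests from Demonstration 4: the minimum the code needs to run,
// and what it refuses even if policy would grant it. Only the .NET Framework 2.0/3.5 CAS
// policy enforces these; they are obsolete in .NET Framework 4 and absent in .NET Core.
[assembly: System.Net.WebPermission(SecurityAction.RequestMinimum, Unrestricted = true)]
[assembly: IsolatedStorageFilePermission(SecurityAction.RequestMinimum, UserQuota = 1048576)]
[assembly: FileIOPermission(SecurityAction.RequestRefuse, Unrestricted = true)]
#endif

public static class StrongNameInfo
{
    // Hypothetical placeholder: replace with the full public key printed by
    // "sn -Tp NorthwindModel.dll" (the long hex string, not the 16-hex-digit token).
    public const string NorthwindPublicKeyHex = "REPLACE-WITH-OUTPUT-OF-sn-Tp";

    // Hex of the assembly's full public key, as sn -Tp prints it; null if not strong-named.
    public static string PublicKeyHex(Assembly asm)
    {
        byte[] key = asm.GetName().GetPublicKey();
        return key == null || key.Length == 0 ? null : ToHex(key);
    }

    // Hex of the 8-byte public key token (derived from the SHA-1 hash of the key), the
    // value that appears in fully qualified assembly names and in binding checks.
    public static string PublicKeyTokenHex(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        return token == null || token.Length == 0 ? null : ToHex(token);
    }

    private static string ToHex(byte[] bytes)
    {
        var sb = new StringBuilder(bytes.Length * 2);
        foreach (byte b in bytes) sb.Append(b.ToString("x2"));
        return sb.ToString();
    }

    public static void Main()
    {
        Assembly self = Assembly.GetExecutingAssembly();
        Console.WriteLine("public key: " + (PublicKeyHex(self) ?? "(assembly is not strong-named)"));
        Console.WriteLine("key token:  " + (PublicKeyTokenHex(self) ?? "(none)"));
        // The core library is always strong-named, so this line shows the expected format.
        Console.WriteLine("core library token: " + PublicKeyTokenHex(typeof(object).Assembly));
    }
}

#if NETFRAMEWORK
// Link demand: only callers signed with the Northwind key may compile a call into this class.
// It is checked once, at JIT time, against the immediate caller only, so trusted code that
// calls us through an unsigned intermediary bypasses it. Not supported in .NET Core.
[StrongNameIdentityPermission(SecurityAction.LinkDemand, PublicKey = StrongNameInfo.NorthwindPublicKeyHex)]
#endif
public class NorthwindModel
{
    public string Describe() { return "Northwind business object"; }
}
```

Comparing the output of PublicKeyHex against what sn -Tp prints for the same dll is the quickest way to confirm that the value pasted into the PublicKey property is the full key and not just the token.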

 

Middle Tier security

The most ready-made option: COM+ is the safest solution, integrating with Windows security and configurable by administrators rather than in code.

Web service security can be controlled through HTTPS and IIS security.

When IIS security is not available, WS-Security (part of Web Services Enhancements, WSE) secures web services at the message level, across platforms.

Remoting security

Hosted in IIS: use IIS security and HTTPS.

For other hosts (for example a TCP channel in your own process) you need to implement custom channels or channel sinks, since Remoting provides no authentication or encryption there by itself.

Demonstration 5

Middle Layer Security

By default IIS uses anonymous authentication; here the demo switches the virtual directory to Basic authentication.

Once Basic authentication is enabled, the browser sends the user name and password to IIS in an Authorization header that is merely Base64-encoded, that is, effectively in plain text, so Basic authentication must only be used over HTTPS to protect the credentials in transit.
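Added example (not from the lecture) of why Basic authentication needs HTTPS: the Authorization header is reversible Base64, and a small client wrapper refuses to attach it to a plain-http endpoint. The host northwind.example and the credentials are constructed.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

public static class BasicAuthGuard
{
    // RFC 7617 credential encoding: base64("user:password"). Encoding, not encryption.
    public static string EncodeBasic(string user, string password)
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + password));
    }

    // Anyone who sees the header on the wire recovers the password with this one call.
    public static string DecodeBasic(string headerValue)
    {
        return Encoding.UTF8.GetString(Convert.FromBase64String(headerValue));
    }

    // Attaches Basic credentials only when the endpoint is https; otherwise refuses.
    public static HttpClient CreateClient(Uri endpoint, string user, string password)
    {
        if (!string.Equals(endpoint.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Basic authentication requires HTTPS: " + endpoint);
        var client = new HttpClient { BaseAddress = endpoint };
        client.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Basic", EncodeBasic(user, password));
        return client;
    }

    public static void Main()
    {
        // Constructed sample: what a sniffer sees on an http connection.
        string header = EncodeBasic("fred", "1234");
        Console.WriteLine("Authorization: Basic " + header);
        Console.WriteLine("decoded: " + DecodeBasic(header));

        // Hypothetical endpoints.
        try { CreateClient(new Uri("http://northwind.example/ws/Products.asmx"), "fred", "1234"); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
        using (HttpClient ok = CreateClient(new Uri("https://northwind.example/ws/Products.asmx"), "fred", "1234"))
            Console.WriteLine("client ready for " + ok.BaseAddress);
    }
}
```

The same scheme check belongs on the server side too: the IIS site should require SSL for the directory, so that a client that ignores the guard still cannot submit credentials over http.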

 

SQL Injection

The threat of SQL injection arises when an SQL statement is built dynamically from user input: the input can alter the statement itself.

For example:

If the attacker includes the condition ' OR 1=1 in the value that is concatenated into the WHERE clause, the condition is always true and every row of the users table is returned.

Every application that builds SQL queries by string concatenation is exposed to this vulnerability.

To defend against such attacks, remove all dynamically concatenated SQL: use SqlParameters in ADO.NET, so that input is passed as a value and never as part of the statement.

 

Demonstration 6

Prevent SQL injection attacks

The first method shown is dangerous; the second is safe.

Injection attack

With the first (string-concatenated) method the login always succeeds with the injected input; with the second (parameterized) method the injected text is compared as a literal value and the login fails.
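The dangerous and the safe login query side by side, as an added example modelled on the demo's two methods (the lecture's own code is not on this page). The users table layout, the parameter sizes and the attack string are assumptions; System.Data.SqlClient is the ADO.NET provider the lecture refers to (a NuGet package on .NET Core).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class NorthwindLogin
{
    // DANGEROUS: the concatenation pattern of the demo's first method. User input becomes
    // part of the SQL text, so the input can rewrite the statement.
    public static string BuildVulnerableQuery(string userName, string password)
    {
        return "SELECT COUNT(*) FROM users WHERE name = '" + userName +
               "' AND password = '" + password + "'";
    }

    // SAFE: the parameterized pattern of the demo's second method. The SQL text is fixed;
    // input travels as typed parameter values, so ' OR 1=1 -- is compared as a literal
    // string and matches no row.
    public static SqlCommand BuildSafeCommand(SqlConnection conn, string userName, string password)
    {
        var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM users WHERE name = @name AND password = @password", conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = userName;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
        return cmd;
    }

    public static bool Login(string connectionString, string userName, string password)
    {
        using (var conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = BuildSafeCommand(conn, userName, password))
        {
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    public static void Main(string[] args)
    {
        // Constructed attack input: closes the string literal, makes the predicate always
        // true, and comments out the password check.
        string attack = "' OR 1=1 --";
        Console.WriteLine(BuildVulnerableQuery(attack, "anything"));

        // Same input through the safe path: the statement is unchanged, the input is data.
        using (var conn = new SqlConnection())
        using (SqlCommand cmd = BuildSafeCommand(conn, attack, "anything"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
        }

        // Pass a real connection string as the first argument to execute the safe login.
        if (args.Length > 0)
            Console.WriteLine("login: " + Login(args[0], attack, "anything"));
    }
}
```

Parameters fix the injection; they do not fix the fact that this schema compares a clear-text password in SQL. A production login fetches the stored salted hash by user name and verifies the password in application code.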

 

Security Design goals

Minimize the attack surface

Analyze the specific attacks that apply and prevent them:

Denial of service attacks

File or directory based attacks

SQL injection

Luring attacks (less trusted code inducing more trusted code to act on its behalf)

Prevent attacks before they happen.

Use proven security technologies: authentication, role-based authorization, HTTPS, encryption

 

Summary

.NET includes powerful built-in security features.

Analyze the specific problem, select the security technology that fits it, and write secure Windows Forms-based code.

You do not need to write your own security primitives: use the ones the framework provides.

2010.10.20
