Sandboxing in .NET CLR

Mikhail Shcherbakov

July 05, 2015

Coordinator of SPB .NET CommunityProduct Manager at CezurityOne of the core developers of the source code analyzer PT Application Inspector

Former Team Lead at Acronis, Luxoft, Boeing

About me

2

Sandboxing is the base of security

Development of extensible and security-sensitive applications

Troubleshooting and knowledge about the internals

Knowledge in Practice

ASP.NET / IIS Silverlight SQL CLR XBAP ClickOnce Sharepoint

3

Security Architecture

4

Security Architecture

5

Application Domains

6

The verification process

7

Just-in-time verification

Code Access Security

9

Policy

10

deprecated 

in .NET Framework

4

Policy

11

Permissions

12

Permissions

13

Enforcement

14

Fully Trusted code in Partially Trusted AppDomain

15

Transparency Model

16

Level 2 Security Transparency

17

Security Transparency Attributes

Assembly Level

Type Level

Member Level

SecurityTransparent

SecuritySafeCritical

SecurityCritical

AllowPartiallyTrustedCallers

SecAnnotate.exe – .NET Security Annotator Tool http://bit.ly/1A3vMw3

18

Stack walking

19

Sandbox implementation

ASP.NET Partial Trust applications

2005

2005 2006 2007 2008 2009 2010 2011 2012

Use Medium trust in shared hosting environments bit.ly/1yABGqfAugust 2005

For Web servers that are Internet-facing, Medium trust is recommended bit.ly/1z83LVVJuly 2008

21

ASP.NET Partial Trust applications

2015

2008 2009 2010 2011 2012 2013

ASP.NET Partial Trust does not guarantee application isolationbit.ly/1CRv3UxJune 2012

ASP.NET Security and the Importance of KB2698981 in Cloud Environments bit.ly/1vXJ50JApril 2013

“The official position of the ASP.NET team is that Medium Trust is obsolete”

-Levi Broderick, security developer at Microsoft bit.ly/1If14Gv

June 2013

ASP.NET MVC 5 no longer supports partial trust bit.ly/1w0xxuX

October 2013

22

DynamicMethod classMS13-015 vulnerability

Could Allow Elevation of Privilege (KB2800277)

Trusted Chain Attack

23

Luring Attack

24

Luring AttackMS02-061 “Elevation of Privilege in SQL Server Web Tasks”

25

Exception Filter Attack

Exception Filter Attack

27

Exception Filter Attack

28

Summary

29

Sandboxing:Exploring the .NET Framework 4 Security Model bit.ly/1zBHDl7

New Security Model: Moving to a Better Sandbox bit.ly/1qdLTYf

How to Test for Luring Vulnerabilities bit.ly/1G5asdG

Using SecAnnotate to Analyze Your Assemblies for Transparency Violations bit.ly/12AtGZF

Summary

30

.NET Security:OWASP Top 10 for .NET developers bit.ly/1mpvG9R

OWASP .NET Project bit.ly/1vCfknmTroy Hunt blog www.troyhunt.comThe WASC Threat Classification v2.0 bit.ly/1G5d8rM

Summary

31

Thank you for your attention!Mikhail Shcherbakov

spbdotnet.org

ms@cezurity.com

linkedin.com/in/mikhailshcherbakov

github.com/yuske

@yu5k3

Product Manager at Cezurity