Presentation is loading. Please wait.

Presentation is loading. Please wait.

.NET Security and MSIL Tom Roeder CS215 2006fa. MSIL Common intermediate language really CIL in ECMA standard MSIL is common name Very close to C# (and.

Published byDale Thornton Modified over 8 years ago

Similar presentations

Presentation on theme: ".NET Security and MSIL Tom Roeder CS215 2006fa. MSIL Common intermediate language really CIL in ECMA standard MSIL is common name Very close to C# (and."— Presentation transcript:

1 .NET Security and MSIL Tom Roeder CS215 2006fa

2 MSIL Common intermediate language really CIL in ECMA standard MSIL is common name Very close to C# (and other OO languages) define classes define methods similar attributes statements look more like assembly

3 MSIL No structured control flow use conditional/unconditional branches Specify calls exactly need to have the right number of parameters eg [mscorlib]System.Console::WriteLine(string, object, object) Stack language main operations push and pop from stack call methods in other objects from stack

4 Stack langauge Instead of registers, everything is from stack eg int i = 137; int j = 1; int k = i + j; all operations take their operands from the stack common intermediate language like JVM bytecode very close to the high-level language 1371 138

5 MSIL why a stack language? consistent for all machines limited but possible everywhere stack construct easy to check Always implemented by JIT stack construct mostly in theory slower to interpret

6 MSIL operations stloc pops and stores in local index (16 bits) some assemblers handle variable names ldloc pushes contents of local index onto stack integer operations eg. add, mul, sub, div box/unbox conv.*

7 MSIL operations call static instance uses the static type of the class callvirt uses dynamic instead of static typing castclass pop, try to cast, push new reference on stack

8 MSIL operations ceq/cgt/clt pop top two elements of stack check =, >, < push 1 if true, 0 if false br/beq/bgt/blt/bfalse/btrue do the comparison and jump br is an unconditional jump use to implement structured control flow

9 MSIL structure.method define methods.class define any type extends extend some other type if extend System.ValueType, then value type, and sealed.entrypoint

10 MSIL structure.locals define names and types for local variables useful if writing straight MSIL.maxstack say how large the stack will be at most must push onto stack for method calls must remember to push object being called one reason compilers are useful

11 MSIL example Can generate from arbitrary C# use ILDASM can be found in Visual Studio [ see example in emacs and Visual Studio ]

12 Brief Security Intro Lampson’s Gold Standard (Au) Authentication: who’s who Authorization: who can do what Audit: who did what Need mechanisms for all three need good support libraries eg. built-in crypto C# security based on Windows security

13 .NET Security: authentication Windows security based on principals a user is a principal accounts can be principals (eg. LOCAL SYSTEM) users are members of groups these groups act as roles system policy specifies rights for different roles this is the authorization a given principal is assigned the ownership of a program: its rights come from this principal What is wrong with this model?

14 .NET Security: authentication Evidence-based security called “code access security” evidence is taken from many properties of code url, signature, site, etc system policy can assign different rights thus authorization is based on this policy can specify access rights to classes/resources When would this be useful? Somewhat coarse-grained must be specified in the system defaults based on code group

15 Code Access Security Can assign permissions to groups of code grouping made explicitly or on evidence Code can request permissions Declaratively (using attributes) happens at compile time (JIT compilation) Imperatively (using calls to subclass of CodeAccessPermission) happens at runtime When would you want to use each?

16 Code Access Security Can also request permissions for assembly RequestMinimum RequestOptional RequestRefuse What happens on requests stack walk if any caller in stack doesn’t have permission, then Security exception is thrown default deny

17 Code Access Security

18 Asserting permissions allows a method to assert that all higher code already has the permission can short-circuit stack walk must have permission to make this assertion Is there an attack here? Can lead to luring attacks get trusted code to use assert then get it to call malicious code

19 .NET Security: cryptography Provided in System.Security.Cryptography Provides implementations of all major crypto eg. RSA (Triple)DES hashes: SHA-1, MD5 AES Managed and unmanaged implementations why does this matter?

Download ppt ".NET Security and MSIL Tom Roeder CS215 2006fa. MSIL Common intermediate language really CIL in ECMA standard MSIL is common name Very close to C# (and."

Similar presentations

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
Chapter 10- Instruction set architectures

Chapter 10- Instruction set architectures
Java security (in a nutshell)

Java security (in a nutshell)
CSE 332: C++ exceptions Overview of C++ Exceptions Normal program control flow is halted –At the point where an exception is thrown The program call stack.

CSE 332: C++ exceptions Overview of C++ Exceptions Normal program control flow is halted –At the point where an exception is thrown The program call stack.
Exceptions and Exception Handling Carl Alphonce CSE116 March 9, 2007.

Exceptions and Exception Handling Carl Alphonce CSE116 March 9, 2007.
Exceptions and Exception Handling Carl Alphonce CSE116.

Exceptions and Exception Handling Carl Alphonce CSE116.
1 Lecture 11 Interfaces and Exception Handling from Chapters 9 and 10.

1 Lecture 11 Interfaces and Exception Handling from Chapters 9 and 10.
George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.

George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.
CS 536 Spring 20011 Code generation I Lecture 20.

CS 536 Spring Code generation I Lecture 20.
Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.

Chapter 16 Java Virtual Machine. To compile a java program in Simple.java, enter javac Simple.java javac outputs Simple.class, a file that contains bytecode.
1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.

1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.
4/6/08Prof. Hilfinger CS164 Lecture 291 Code Generation Lecture 29 (based on slides by R. Bodik)

4/6/08Prof. Hilfinger CS164 Lecture 291 Code Generation Lecture 29 (based on slides by R. Bodik)
1 Further OO Concepts II – Java Program at run-time Overview l Steps in Executing a Java Program. l Loading l Linking l Initialization l Creation of Objects.

1 Further OO Concepts II – Java Program at run-time Overview l Steps in Executing a Java Program. l Loading l Linking l Initialization l Creation of Objects.
Abstract Data Types and Encapsulation Concepts

Abstract Data Types and Encapsulation Concepts
Reflection, Conversions, and Exceptions Tom Roeder CS215 2006fa.

Reflection, Conversions, and Exceptions Tom Roeder CS fa.
Subclasses and Subtypes CMPS 2143. Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.

Subclasses and Subtypes CMPS Subclasses and Subtypes A class is a subclass if it has been built using inheritance. ▫ It says nothing about the meaning.
Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.

Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.
From C++ to C#. Web programming The course is on web programming using ASP.Net and C# The course is on web programming using ASP.Net and C# ASP.Net is.

From C++ to C#. Web programming The course is on web programming using ASP.Net and C# The course is on web programming using ASP.Net and C# ASP.Net is.
OOP Languages: Java vs C++

OOP Languages: Java vs C++
Week 4-5 Java Programming. Loops What is a loop? Loop is code that repeats itself a certain number of times There are two types of loops: For loop Used.

Week 4-5 Java Programming. Loops What is a loop? Loop is code that repeats itself a certain number of times There are two types of loops: For loop Used.

Similar presentations

Ads by Google