.NET Security and MSIL Tom Roeder CS215 2006fa.

Presentation transcript:

.NET Security and MSIL Tom Roeder CS215 2006fa

MSIL
- Common intermediate language
  - really CIL in ECMA standard
  - MSIL is common name
- Very close to C# (and other OO languages)
  - define classes
  - define methods
  - similar attributes
- statements look more like assembly

MSIL
- No structured control flow
  - use conditional/unconditional branches
- Specify calls exactly
  - need to have the right number of parameters
  - e.g. [mscorlib]System.Console::WriteLine(string, object, object)
- Stack language
  - main operations push and pop from stack
  - call methods in other objects from stack

Stack language
- Instead of registers, everything is from stack
  - e.g. int i = 137; int j = 1; int k = i + j;
  - all operations take their operands from the stack
- common intermediate language
  - like JVM bytecode
  - very close to the high-level language

MSIL
- why a stack language?
  - consistent for all machines
  - limited but possible everywhere
  - stack construct easy to check
- Always implemented by JIT
  - stack construct mostly in theory
  - slower to interpret

MSIL operations
- stloc
  - pops and stores in local index (16 bits)
  - some assemblers handle variable names
- ldloc
  - pushes contents of local index onto stack
- integer operations
  - e.g. add, mul, sub, div
- box/unbox
- conv.*

MSIL operations
- call
  - static
  - instance
  - uses the static type of the class
- callvirt
  - uses dynamic instead of static typing
- castclass
  - pop, try to cast, push new reference on stack

MSIL operations
- ceq/cgt/clt
  - pop top two elements of stack
  - check =, >, <
  - push 1 if true, 0 if false
- br/beq/bgt/blt/bfalse/btrue
  - do the comparison and jump
  - br is an unconditional jump
  - use to implement structured control flow

MSIL structure
- .method
  - define methods
- .class
  - define any type
- extends
  - extend some other type
  - if extend System.ValueType, then value type, and sealed
- .entrypoint

MSIL structure
- .locals
  - define names and types for local variables
  - useful if writing straight MSIL
- .maxstack
  - say how large the stack will be at most
  - must push onto stack for method calls
  - must remember to push object being called
  - one reason compilers are useful

MSIL example
- Can generate from arbitrary C#
  - use ILDASM
  - can be found in Visual Studio
- [ see example in emacs and Visual Studio ]
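The `int i = 137; int j = 1; int k = i + j;` fragment from the stack-language slide, written out as stack operations in an added example (not from the original slides): the IL is emitted through System.Reflection.Emit so the stloc/ldloc/add sequence and a cgt plus branch can be run directly. The `limit` parameter, the clamp step and the name `AddAndClamp` are assumptions added for illustration; the branch the slides list as bfalse is spelled `brfalse` in the opcode set.

```csharp
using System;
using System.Reflection.Emit;

static class StackLanguageDemo
{
    // Emits IL equivalent to:
    //   int i = 137; int j = 1; int k = i + j;
    //   if (k > limit) k = limit;      // added to show cgt + branch
    //   return k;
    static Func<int, int> Build()
    {
        var method = new DynamicMethod("AddAndClamp", typeof(int),
                                       new[] { typeof(int) });
        ILGenerator il = method.GetILGenerator();
        LocalBuilder i = il.DeclareLocal(typeof(int));
        LocalBuilder j = il.DeclareLocal(typeof(int));
        LocalBuilder k = il.DeclareLocal(typeof(int));
        Label done = il.DefineLabel();

        il.Emit(OpCodes.Ldc_I4, 137);    // stack: 137
        il.Emit(OpCodes.Stloc, i);       // stack: (empty), i = 137
        il.Emit(OpCodes.Ldc_I4_1);       // stack: 1
        il.Emit(OpCodes.Stloc, j);       // stack: (empty), j = 1
        il.Emit(OpCodes.Ldloc, i);       // stack: 137
        il.Emit(OpCodes.Ldloc, j);       // stack: 137, 1
        il.Emit(OpCodes.Add);            // stack: 138
        il.Emit(OpCodes.Stloc, k);       // stack: (empty), k = 138

        il.Emit(OpCodes.Ldloc, k);       // stack: k
        il.Emit(OpCodes.Ldarg_0);        // stack: k, limit
        il.Emit(OpCodes.Cgt);            // stack: 1 if k > limit, else 0
        il.Emit(OpCodes.Brfalse, done);  // pops the flag, jumps when it is 0
        il.Emit(OpCodes.Ldarg_0);        // stack: limit
        il.Emit(OpCodes.Stloc, k);       // k = limit
        il.MarkLabel(done);
        il.Emit(OpCodes.Ldloc, k);       // the return value is the top of stack
        il.Emit(OpCodes.Ret);

        return (Func<int, int>)method.CreateDelegate(typeof(Func<int, int>));
    }

    static void Main()
    {
        Func<int, int> addAndClamp = Build();
        Console.WriteLine(addAndClamp(1000)); // k stays below the limit
        Console.WriteLine(addAndClamp(100));  // k is clamped to the limit
    }
}
```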

Brief Security Intro
- Lampson’s Gold Standard (Au)
  - Authentication: who’s who
  - Authorization: who can do what
  - Audit: who did what
- Need mechanisms for all three
  - need good support libraries
  - e.g. built-in crypto
- C# security based on Windows security

.NET Security: authentication
- Windows security based on principals
  - a user is a principal
  - accounts can be principals (e.g. LOCAL SYSTEM)
- users are members of groups
  - these groups act as roles
  - system policy specifies rights for different roles
  - this is the authorization
- a given principal is assigned the ownership of a program: its rights come from this principal
- What is wrong with this model?

.NET Security: authentication
- Evidence-based security
  - called “code access security”
  - evidence is taken from many properties of code
  - url, signature, site, etc
- system policy can assign different rights
  - thus authorization is based on this policy
  - can specify access rights to classes/resources
  - When would this be useful?
- Somewhat coarse-grained
  - must be specified in the system
  - defaults based on code group

Code Access Security
- Can assign permissions to groups of code
  - grouping made explicitly or on evidence
- Code can request permissions
  - Declaratively (using attributes)
    - happens at compile time (JIT compilation)
  - Imperatively (using calls to subclass of CodeAccessPermission)
    - happens at runtime
- When would you want to use each?

Code Access Security
- Can also request permissions for assembly
  - RequestMinimum
  - RequestOptional
  - RequestRefuse
- What happens on requests
  - stack walk
  - if any caller in stack doesn’t have permission, then Security exception is thrown
  - default deny

Code Access Security

Asserting permissions
- allows a method to assert that all higher code already has the permission
  - can short-circuit stack walk
  - must have permission to make this assertion
- Is there an attack here?
- Can lead to luring attacks
  - get trusted code to use assert
  - then get it to call malicious code
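An added example (not from the original slides) of the request styles and the assert pattern from the Code Access Security slides above, written against the .NET Framework CAS API: a declarative demand, an imperative demand, and an over-broad Assert beside a narrowly scoped one that is reverted. The `LogReader` class, its method names and the `C:\ExampleApp\logs\` path are hypothetical.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Assumption: this class lives in a fully trusted assembly that
// less-trusted code is allowed to call. All names are hypothetical.
public static class LogReader
{
    const string LogDir = @"C:\ExampleApp\logs\";

    // Declarative: the resource is fixed, so the demand sits in metadata
    // and every caller on the stack must hold Read on LogDir.
    [FileIOPermission(SecurityAction.Demand, Read = LogDir)]
    public static string ReadAppLog()
    {
        return File.ReadAllText(LogDir + "app.log");
    }

    // Imperative: the path is only known at run time, so the permission
    // object is built and demanded in code.
    public static string ReadAt(string absolutePath)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, absolutePath).Demand();
        return File.ReadAllText(absolutePath);
    }

    // Over-broad: asserts all file access for a caller-chosen path, so the
    // stack walk stops here and never examines the less-trusted caller.
    public static string ReadWeak(string path)
    {
        new FileIOPermission(PermissionState.Unrestricted).Assert();
        return File.ReadAllText(path);
    }

    // Scoped: asserts Read on LogDir only and reverts it immediately.
    // A path outside LogDir is not covered by the assertion, so the
    // demand made by File.ReadAllText continues on to the callers.
    public static string ReadScoped(string name)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, LogDir).Assert();
        try { return File.ReadAllText(Path.Combine(LogDir, name)); }
        finally { CodeAccessPermission.RevertAssert(); }
    }
}
```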

.NET Security: cryptography
- Provided in System.Security.Cryptography
- Provides implementations of all major crypto
  - e.g. RSA
  - (Triple)DES
  - hashes: SHA-1, MD5
  - AES
- Managed and unmanaged implementations
  - why does this matter?