Introduction to Security Concepts

Before presenting the details of .NET Framework security features, this section describes some basic security capabilities you might want to implement in your applications. It also provides a brief look at a Microsoft security threat model illustrating the types of issues you should keep in mind as a component or service developer. Because the terms introduced in this section are used in discussing the implementation of security in Visual Basic .NET applications in this and later chapters, make sure that you are familiar with them.

Identifying Basic Security Capabilities

Application platforms typically provide several standard security features, which developers can take advantage of to implement security for their applications. Some of the capabilities commonly provided include the following:

Authentication  Authentication is the process of proving your identity to the system. It can be accomplished in Visual Basic .NET applications in a variety of ways, which are discussed later in this chapter, in the “CLR and .NET Framework Security Features” section. Many applications require callers to authenticate to the system in order to prove that they are entitled to access a particular application or assembly, or to determine which functions of the application are available to them.

Permissions  Permissions describe categories of activities that can be performed, such as reading from or writing to the file system, creating files in a certain directory, accessing network resources, reading environment variables, and creating user interface elements. The .NET Framework also includes the concept of a permission set, which is a collection of permissions that can be manipulated as a unit, for programmer and administrator convenience.

Authorization  Authorization is the process of verifying that a process has the required permissions to perform specified system actions. It is closely connected with authentication in that the identity of the user running the process often determines what the process is authorized to do. When using the .NET Framework, authorization is provided by a combination of the Common Language Runtime’s (CLR’s) code access security and role-based security mechanisms.

Impersonation  Authorization is also connected with impersonation, in which a process can temporarily take on the identity of another user, whose authorization to perform certain tasks might be different from the user identity under which the process was created. The ASP.NET subsystem can automatically perform impersonation for a service depending on how the service is configured.

Security policies  Security policies are used to determine what permissions apply to particular code groups and users. Typically, they are set outside the application itself. The security policies can be set either by a custom administration tool provided with the application or by a standard tool on the platform, such as the caspol.exe utility provided with Visual Studio .NET and the .NET Framework. Security policies are discussed further in Chapters 10 and 11.

Cryptography  Cryptography is the process of encoding data to an unrecognizable form, known as ciphertext, for the sake of secrecy, and decoding it to obtain the original data, known as plaintext. It is often employed to securely persist data to media such as hard disks or tape, as well as to allow for secure transmission of information across insecure networks such as the Internet. It is important in the realms of network-oriented Windows services and Web services, because these processes are often accessed by clients across the Internet and might sometimes store data (temporarily or permanently) on a server accessed by many thousands of unrelated users. Because “good,” difficult-to-break encryption algorithms are difficult to create, computing platforms often include a selection of encryption capabilities.

Note 

We discuss some of these security capabilities in the context of Visual Basic .NET in more detail throughout this chapter.
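The authentication, permissions, and authorization capabilities listed above map onto concrete .NET Framework types. The following is an added example, not code from the book, that shows role-based security (a GenericPrincipal attached to the current thread and checked by PrincipalPermission both declaratively and imperatively) alongside a code access security demand using FileIOPermission. The user names, role names, and file path are constructed for illustration only; the code assumes the .NET Framework, where code access security demands are actually enforced.

```vbnet
' Added example (not from the book): role-based and code access security
' checks using System.Security.Permissions and System.Security.Principal.
Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

Module SecurityCapabilitiesDemo

    ' Stand-in for an authentication step. In a real service the identity would
    ' come from Windows, ASP.NET, or another authentication provider; here a
    ' GenericIdentity is constructed inline with constructed sample roles.
    Public Function AuthenticateUser(ByVal userName As String, ByVal roles() As String) As IPrincipal
        Dim identity As New GenericIdentity(userName)
        Return New GenericPrincipal(identity, roles)
    End Function

    ' Declarative authorization: the CLR demands the "Administrators" role
    ' before the method body runs and throws SecurityException otherwise.
    <PrincipalPermission(SecurityAction.Demand, Role:="Administrators")> _
    Public Sub DeleteAllOrders()
        Console.WriteLine("Orders deleted by " & Thread.CurrentPrincipal.Identity.Name)
    End Sub

    ' Imperative authorization: the same kind of demand built at run time,
    ' which lets the role name come from configuration rather than an attribute.
    Public Function CanViewReports() As Boolean
        Dim perm As New PrincipalPermission(Nothing, "Analysts")
        Try
            perm.Demand()
            Return True
        Catch ex As SecurityException
            Return False
        End Try
    End Function

    ' Code access security: demand read access to a path before touching it.
    ' On the .NET Framework the CLR walks the call stack and throws
    ' SecurityException if any caller's code group lacks the permission.
    Public Function CanReadFile(ByVal path As String) As Boolean
        Dim perm As New FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath(path))
        Try
            perm.Demand()
            Return True
        Catch ex As SecurityException
            Return False
        End Try
    End Function

    Public Sub Main()
        ' Attach the authenticated principal to the current thread; the role
        ' checks above consult Thread.CurrentPrincipal.
        Thread.CurrentPrincipal = AuthenticateUser("alice", New String() {"Analysts"})
        Console.WriteLine("alice can view reports: " & CanViewReports())
        Console.WriteLine("alice can read orders.txt: " & CanReadFile("orders.txt"))

        Try
            DeleteAllOrders()
        Catch ex As SecurityException
            Console.WriteLine("alice denied: " & ex.Message)
        End Try

        ' A second constructed user who does hold the required role.
        Thread.CurrentPrincipal = AuthenticateUser("bob", New String() {"Administrators"})
        DeleteAllOrders()
    End Sub

End Module
```

The declarative and imperative forms enforce the same rule; the imperative form is the one to reach for when the role name must be read from configuration or when the caller wants to degrade gracefully instead of letting the exception propagate.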

Understanding the STRIDE Model of Security Threats

Secure coding attempts to minimize the risk of threats turning into actual security incidents. Microsoft uses the acronym STRIDE to describe common types of threats. STRIDE stands for the following:

Spoofing identity  Spoofing is the compromise and unauthorized use of a user’s identity. It might result from an attacker gaining access to that user’s physical credentials (such as login, password, or smart card) or virtual credentials (such as authentication “cookies”). You can guard against spoofing by safeguarding credentials and choosing strong authentication methods.

Tampering with data  Tampering with data is the intentional destruction or modification of data while it is being transmitted or stored. You can protect data from tampering by using encryption, resource permissions, and physical security measures.

Repudiability  Repudiability is the ability to deny that something happened because absolute proof that it did is not available. For example, often a user can deny sending a particular e-mail message, because popular e-mail protocols alone do not have the ability to prove the origin of a message. A measure of nonrepudiability can often be gained by using digital signatures to “stamp” data such as an assembly or e-mail message with information attesting to the sender’s identity.

Information disclosure  Information disclosure is the dissemination of data to unauthorized individuals. Information disclosure is the “read”-oriented version of the “write”-oriented data tampering threat, and many of the same types of actions protect against it.

Denial of service  Denial of service (DoS) is an attack that makes system resources and applications unavailable to authorized users. Although many DoS attacks occur at levels of the operating system below those that solution developers can control, others are based on taking advantage of application coding errors that enable an attacker to use up system resources such as memory or disk space over time. You can protect your applications from higher-level DoS attacks through careful assignment of privileges to applications and their users, and the use of development platforms such as Visual Studio .NET, which allow for some runtime verification of code operations.

Elevation of privilege  Elevation of privilege occurs when an attacker obtains and uses higher levels of privileges (and thus potentially obtains access to additional system resources) than he is authorized to have. As with DoS attacks, privilege elevation is often accomplished by exploiting improperly written code. To reduce this threat, applications and services should be configured to run with the minimum privilege level that is absolutely required. Additionally, the .NET Framework’s managed code runtime environment helps minimize the potential security consequences of many types of coding errors by detecting and disallowing operations that appear dangerous.
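The tampering and repudiability entries above both point to digital signatures as a mitigation: a signature lets the recipient detect any change to the data and ties the data to the holder of the signing key. The following is an added example, not code from the book, that signs and verifies a message with RSA and SHA-256 using the System.Security.Cryptography namespace. The order text is a constructed sample, and the code assumes .NET Framework 4.6 or later, where the HashAlgorithmName and RSASignaturePadding overloads are available.

```vbnet
' Added example (not from the book): detecting tampering and supporting
' nonrepudiation with an RSA digital signature.
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module SignatureDemo

    ' Sign a message with the sender's private key. Only the holder of that key
    ' can produce a valid signature, which is what gives the signature its
    ' nonrepudiation value.
    Public Function SignMessage(ByVal signerKey As RSA, ByVal message As String) As Byte()
        Dim data As Byte() = Encoding.UTF8.GetBytes(message)
        Return signerKey.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
    End Function

    ' Verify with the sender's public key. Any change to the message or to the
    ' signature makes this return False, so tampering in transit is detected.
    Public Function VerifyMessage(ByVal publicKey As RSA, ByVal message As String, ByVal signature As Byte()) As Boolean
        Dim data As Byte() = Encoding.UTF8.GetBytes(message)
        Return publicKey.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
    End Function

    Public Sub Main()
        ' Constructed sample: the sender generates a key pair and signs an order.
        Using senderKey As RSA = New RSACryptoServiceProvider(2048)
            Dim order As String = "Order 1234: ship 10 units to warehouse B"
            Dim signature As Byte() = SignMessage(senderKey, order)

            ' The recipient holds only the public parameters of the key.
            Using verifierKey As RSA = New RSACryptoServiceProvider(2048)
                verifierKey.ImportParameters(senderKey.ExportParameters(False))

                Console.WriteLine("Original verifies: " & VerifyMessage(verifierKey, order, signature))

                ' A tampered copy: the quantity was changed after signing.
                Dim tampered As String = order.Replace("10 units", "100 units")
                Console.WriteLine("Tampered verifies: " & VerifyMessage(verifierKey, tampered, signature))
            End Using
        End Using
    End Sub

End Module
```

Verification proves only that the data matches what the private key signed; the nonrepudiation argument also depends on the private key being kept out of other hands and on the recipient having a trustworthy copy of the public key, which is where certificates and the platform's key stores come in.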

You will see in the following sections how Visual Basic .NET enables you to make use of these security-related features and more to address the threats described by the STRIDE model.


MCAD/MCSD: Visual Basic .NET XML Web Services and Server Components Study Guide
ISBN: 0782141935
Year: 2005
Pages: 153