How to make your assembly more secure from referencing by unauthorized bits
2014-07-09 14:42
Security is becoming more and more important in our daily work, so I did some research on a few of the topics, and hope to do more fooling around in the future.
In CLR v1.x, there is a concept of identity permission, where we can use, for example, the StrongNameIdentityPermission class to restrict calling permissions.
CLR v2.0 introduces CAS so that identity permissions get bypassed. That is, a demand for an identity always succeeds, regardless of the identity of the assembly, if the assembly has been granted full trust.
In CLR v4.0, the security model changes again: some security policy has been eliminated from CAS. For more information, see http://msdn.microsoft.com/en-us/library/vstudio/dd233103(v=vs.100).aspx and http://msdn.microsoft.com/en-us/magazine/ee677170.aspx
Now, within the new model, how can we secure our assembly from being called by unauthorized code?
One of my proposals would be to use the InternalsVisibleTo attribute: http://msdn.microsoft.com/en-us/library/bb385840.aspx
I've seen it typically used in test solutions: /article/6271088.html
This can be applied if the main concern is at compile time.
If you are more concerned about runtime, you may consider implementing the authorization logic in the source code, for example by checking the caller's public key.
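One way to implement the runtime check described above, as an added example that is not code from the original post. The names `CallerGuard`, `ProtectedApi` and `ReadSetting` are hypothetical, and the pinned token is a constructed placeholder value.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security;

public static class CallerGuard
{
    // Placeholder (constructed value): token of the one strong-named assembly
    // allowed to call in. Read the real one with `sn -T TrustedCaller.dll`.
    private static readonly byte[] AllowedToken = ParseHex("0123456789abcdef");

    // Throws unless `caller` is signed with the pinned key.
    public static void Demand(Assembly caller)
    {
        // Unsigned assemblies return null or an empty array here.
        byte[] token = caller.GetName().GetPublicKeyToken();
        if (token == null || token.Length == 0 || !token.SequenceEqual(AllowedToken))
            throw new SecurityException(
                "Caller '" + caller.GetName().Name + "' is not authorized.");
    }

    private static byte[] ParseHex(string hex)
    {
        return Enumerable.Range(0, hex.Length / 2)
                         .Select(i => Convert.ToByte(hex.Substring(i * 2, 2), 16))
                         .ToArray();
    }
}

public class ProtectedApi
{
    // NoInlining keeps this method's own stack frame, so GetCallingAssembly()
    // reports the real external caller rather than a frame further up.
    [MethodImpl(MethodImplOptions.NoInlining)]
    public string ReadSetting(string name)
    {
        // Resolve the caller here, in the public entry point: resolved inside
        // CallerGuard it would always be this assembly itself.
        CallerGuard.Demand(Assembly.GetCallingAssembly());
        return "value-of-" + name; // stand-in for the protected work
    }
}
```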
However, there is no absolute way to prevent ALL attempts by determined developers; they can always find a way, and the only difference is whether it is easier or harder.