.NET Framework Security
by Kevin T. Price, Rudi Martin, Matthew Lyons, Sebastian Lange, Brian A. LaMacchia
Table of Contents
Copyright
About the Authors
Acknowledgments
Introduction
Introduction to the .NET Developer Platform Security
Common Security Problems on the Internet
Problems with Securing Mobile Code
Writing Secure Applications
Summary
Introduction to the Microsoft .NET Developer Platform
Tight Language Interoperability
Metadata
JIT Compilation
Garbage Collection
Object-Oriented Programming
Code Access Security
Base Class Library
Native Code Interoperability
Summary
.NET Developer Platform Security Solutions
Fundamental Security Benefits from the .NET Framework
Mobile Code Solutions with the .NET Framework
Networked Computing with the .NET Framework
Summary
Code Access Security Fundamentals
User- and Code-Identity–Based Security: Two Complementary Security Paradigms
A Little Anatomy of Computer Security Systems
A Review of User-Identity–Based Security
Entering a New Paradigm: Code-Identity–Based Security
How User- and Code-Identity–Based Security Systems Complement Each Other
Summary
Evidence: Knowing Where Code Comes From
Evidence Explained
Different Sources of Evidence
Evidence and the Base Class Library
Summary
Permissions: The Workhorse of Code Access Security
Permissions Explained
How Permissions Are Used
Declarative and Imperative Security
Built-in Permissions
Permission Sets
Summary
Walking the Stack
A Review of Stacks and Their Uses
The Security Stack Walk
Modifying a Stack Walk
The Interaction of App Domains with Stack Walks
Summary
Membership Conditions, Code Groups, and Policy Levels: The Brick and Mortar of Security Policy
Membership Conditions
Code Groups
Policy Levels
Default Security Policy
Summary
Understanding the Concepts of Strong Naming Assemblies
Assemblies and Identity
Public/Private Key Pairs
Signing and Verifying Assemblies
Delay Signing Assemblies
Comparison with Authenticode Signatures
Summary
Hosting Managed Code
What Does Hosting Mean?
Containing Assemblies Through the Use of Appdomains
Controlling Trust Within the Hosted Environment
Dealing with Assembly-Sharing Issues
Using Appdomains to Secure Unmanaged Clients
Summary
Verification and Validation: The Backbone of .NET Framework Security
Review of the Anatomy of an Assembly
PE File Format and Metadata Validation
IL Validation and Verification
Code Access Security's Dependence on Validation and Verification
Summary
Security Through the Lifetime of a Managed Process: Fitting It All Together
Development-Time Security Considerations
Deployment-Time Security Issues
Execution-Time Security Issues
Summary
ASP.NET and Web Services Security Fundamentals
Introduction to ASP.NET Security
New Security Features in ASP.NET—And How to Use Them
Authentication for Web Services
Code Access Security and ASP.NET
Summary
Authentication: Know Who Is Accessing Your Site
ASP.NET Authentication and IIS Authentication
Default IIS Settings
Using CLR Role-Based Security in Windows
Using ASP.NET Forms Authentication
Using Impersonation and Delegation in ASP.NET
Summary
Authorization: Control Who Is Accessing Your Site
File and Directory Access Control Lists (ACLs)
Using URL Authorization to Allow or Limit Access
Using Programmatic Authorization to Determine Who Is Attempting to Access Your Site
Summary
Data Transport Integrity: Keeping Data Uncorrupted
Implementing SSL Encryption and HTTPS
Encryption of Individual Data Elements—An Overview
Remoting and Encryption via Sinks—An Overview
Summary
.NET Framework Security Administration
Introduction: .NET Framework Security and Operating System Security
A Roadmap for Administering the Security Context of Managed Code
.NET Framework Security and Operating System Security Settings
Summary
Administering Security Policy Using the .NET Framework Configuration Tool
Before Making Any Security Policy Change: Administration Strategies
Introduction to the .NET Framework Configuration Tool
Increasing Trust for an Assembly or Software Publisher Using the Trust Assembly Wizard
Changing Trust for a Zone Using the Adjust Security Wizard
Manipulating the Security Policy Tree Directly—Basic Techniques
Testing Security Policy Using the Evaluate Assembly Wizard
Modeling Policy Changes Using Open and New
Deploying Security Policy
Resetting Security Policy
The .NET Framework Configuration Tool's Self Protection Mechanism
Administrative Tactics: Scenarios, Solutions, Hints, and Tricks
Summary
Administering .NET Framework Security Policy Using Scripts and Security APIs
Using Batch Scripts for Security Policy Administration
Changing Security Policy by Programming Directly to the Security APIs
Summary
Administering an IIS Machine Using ASP.NET
XML-Based Configuration Files
Hierarchy of .NET Configuration Files
Attributes and Settings
IIS Security Settings—A Refresher
Summary
Administering Clients for .NET Framework Mobile Code
Default Security Policy and Mobile Code
Limitations on Calling Strong Named Components
Running Mobile Code in Internet Explorer
Summary
Administering Isolated Storage and Cryptography Settings in the .NET Framework
Administering Isolated Storage
Administering Cryptography Settings
Summary
.NET Framework Security for Developers
Creating Secure Code: What All .NET Framework Developers Need to Know
Security and the Developer
Structure of the .NET Framework Security System
Limitations of the .NET Framework Security System
Summary
Architecting a Secure Assembly
Thinking Like a Security Expert: How to Improve the Security of Your Designs from Day One
If All Else Fails
Don't Throw It All Away
Summary
Implementing a Secure Assembly
Using Existing Security Mechanisms
Implementing Your Own Permissions
Working with Strong Names
Summary
Testing a Secured Assembly
Determining What Is Being Protected
Determining How Resource Protection Is Implemented
Testing Any Applied Custom Permissions
Testing the Methods and Properties That Should Be Protected
Summary
Writing a Secure Web Site Using ASP.NET
Designing a Secure Web Site
Implementing a Secure Web Site
Summary
Writing a Secure Web Application in the .NET Development Platform
ASP.NET with Remoting Versus Web Services
Authentication and Authorization Without IIS
Summary
Writing a Semi-Trusted Application
Restrictions on Libraries That Can Be Called
Making Permission Requests
Protecting Data
Being Careful About What Code Gets Executed
Being Aware of Permissions at Runtime
Summary
Using Cryptography with the .NET Framework: The Basics
Setting the Stage: Key Definitions and Scenarios in Cryptography
The Cryptographic Object Model of the .NET Framework
Operating on Streams: CryptoStreams and ICryptoTransforms
Using Symmetric Algorithms
Using Cryptographic Hash Functions
Using Keyed Hash Functions
Random Number Generation and Key Derivation
Using Asymmetric Algorithms
Summary
Using Cryptography with the .NET Framework: Advanced Topics
Working with CryptoAPI 1.0
Working with CryptoAPI 2.0
Finalization Versus Explicit Destruction via IDisposable
Extending the .NET Framework's Cryptography Classes and the Cryptographic Configuration System
Summary
Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures
XMLDSIG Design Principles and Modes of Use
The Structure of an XMLDSIG Signature
Creating XMLDSIG-Compliant Signatures Using the .NET Framework
Verifying an XMLDSIG Signature
Extending System.Security.Cryptography.Xml for Custom Processing
Summary
Index