Nielsen's Weblog : .NET [use your Context dude]
Updated: 29-03-2004; 23:54:57.

 


 
 

13. februar 2004

not a very smart thing to explore half past midnight!

to nail my midnight problem: there is a big difference between sn.exe -tp and sn.exe -Tp :).

quick tutorial anyway:

Say you have an assembly A with a class called "CIA" that contains sensitive information about the Kennedy murder. You don't want the name of the organization who killed Kennedy out in the public!! It must only be whispered in a special assembly called "Conspiracy" (CS), which in general is a closed, sealed box. The "CIA" class has a method called bool PeopleWeKilled(string name). You certainly don't want this method called from class "Public" located in assembly X; "CIA" can only be called once in a while from the "Conspiracy" assembly.

so we generate a private/public key pair and sign our assembly "CS" with a key like this:

sn -k confidential.snk

compile the assembly "CS", signing it with the confidential.snk file.

next you extract the public key part from assembly "CS" with secutil.exe like this:

secutil.exe -hex -s CS.dll > publickey.txt

this will extract the public part of the key into the publickey.txt file. This part is now used in assembly A on class "CIA".

using System.Security.Permissions;

[StrongNameIdentityPermissionAttribute(SecurityAction.Demand,
               PublicKey="0024000...", Name="Conspiracy", Version="1.0.0.0")]
public class CIA
{
               public CIA(){}

               public bool PeopleWeKilled(string name)
               {
                            // Verify that we had something to do with the name here
                            // do heavy DB lookup probably using the like '%***%' syntax here...
                            bool result = false; // set from the lookup above
                            return result;
               }
}

if the class "Public" now creates an instance of the "CIA" class

[TheRightToKnow]
public class Public
{
               public void WeWantAnswers()
               {
                           CIA meninblack = new CIA();
                           bool youcanthandlethetruth = meninblack.PeopleWeKilled("John F. Kennedy");
               }
}

they would end up with an exception like the one here:

"information about the Kennedy murder :Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed."

the assembly X with class "Public" is not signed with the private key part, so creating the "CIA" instance fails.

However, if assembly "CS" on the other hand wants a status report, they are allowed to create an instance of the "CIA" class and ask away... in case they missed out on a couple of "hits" :).

public class CS_Internal
{
               public void Status()
               {
                           CIA meninblack = new CIA();
                           bool result = meninblack.PeopleWeKilled("Elvis");
               }
}
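
The same restriction written as an imperative demand inside the method, without pasting the hex key into an attribute. This is an added example, not code from the original post. It assumes assembly A is itself signed with confidential.snk, so the expected key can be read from A's own identity; the SameKey field and BuildPermission helper are hypothetical names.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

public class CIA
{
    // Built once: "any assembly signed with the same strong-name key as this one".
    private static readonly StrongNameIdentityPermission SameKey = BuildPermission();

    private static StrongNameIdentityPermission BuildPermission()
    {
        // Assumption: assembly A is signed with confidential.snk, like "CS".
        byte[] key = typeof(CIA).Assembly.GetName().GetPublicKey();
        if (key == null || key.Length == 0)
        {
            // Fail closed: an unsigned build must not silently drop the check.
            throw new InvalidOperationException(
                "Assembly containing CIA is not strong-name signed.");
        }
        // null name and version: match on the public key only,
        // so every assembly signed with the key pair qualifies.
        return new StrongNameIdentityPermission(
            new StrongNamePublicKeyBlob(key), null, null);
    }

    public CIA() {}

    public bool PeopleWeKilled(string name)
    {
        // Stack walk: throws SecurityException if a caller on the stack
        // does not carry the expected strong-name identity.
        SameKey.Demand();

        if (name == null)
        {
            throw new ArgumentNullException("name");
        }

        bool result = false; // placeholder for the real lookup
        return result;
    }
}
```

On .NET Framework 2.0 and later, identity permission demands succeed for any fully trusted caller, so there this check only constrains partially trusted code.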

btw: it would probably make sense to obfuscate the assemblies :)

"Forgive your enemies, but never forget their names."
-- John F. Kennedy

 


2:30:26 PM

© Copyright 2004 Allan Nielsen.


