|
|
You're in the
dotnet security
group:Certification Authority, code signing, code access
dotnet security:
Certification Authority (CA)? For example, I would create a new CA, it would certainly those dlls that I created. Then, my exe would trust only this CA, thus only those dlls that I created. What I want to do is to prevent someone else of creating new dlls without my knowledge, and runs it with my program. If my program can trust the trusted CA configured at IE, then they can just create their own CA and trust their own dll, and cause my program to trust them too, right? I don't think I can just simply use strong name as my program loads these dlls using reflection, rather than direct referencing them. Or, is there any other way that I can achieve my objective? I have look at other security topics including code access security, but I don't understand them, and I don't know which one can actually help me solve my issue. Thanks in advance
[quoted text, click to view]
"Eugene" <Eugene@discussions.microsoft.com> wrote in message news:1036870E-A959-47A1-B17D-BA2F1939D150@microsoft.com... > Hi, can I configure/program my vb.net exe/dll to trust on only a > particular > Certification Authority (CA)? Yes, but you can't make the CLR trust only your CA. [quoted text, click to view] > For example, I would create a new CA, it would > certainly those dlls that I created. Then, my exe would trust only this > CA, > thus only those dlls that I created. What you actually want is for the CLR to access only your CA for certificate verification when your assemblies are loaded, and this is not possible without modifying the CLR itself. [quoted text, click to view] > What I want to do is to prevent someone else of creating new dlls without > my > knowledge, and runs it with my program. You can't. If they have physical control over the deployment, they can modify your DLLs as well as swapping in entirely new DLLs. There is nothing you can do to completely prevent this, although obfuscation can be used to make this sort of thing more difficult. [quoted text, click to view] > If my program can trust the trusted > CA configured at IE, then they can just create their own CA and trust > their > own dll, and cause my program to trust them too, right? > > I don't think I can just simply use strong name as my program loads these > dlls using reflection, rather than direct referencing them. Strong name verifications will only protect against spoofing attempts by partially trusted code. They are useful, but not against the type of in-situ assembly swapping that you envisage. BTW, if you know the identity of your assemblies, why are you loading them via reflection? Is this a plug-in scenario and, if so, are you attempting to limit plugins that can be loaded to only those signed with a certificate from your CA? [quoted text, click to view] > Or, is there any other way that I can achieve my objective? > I have look at other security topics including code access security, but I > don't understand them, and I don't know which one can actually help me > solve > my issue. Obfuscation is probably worth considering. Also, if you're loading plug-in assemblies, then you can control criteria for the issuing CA for an assembly's signature, but this won't be particularly useful unless you make it difficult to modify the code that verifies the CA identity.
Thanks, please see my follow up question below.
[quoted text, click to view] "Nicole Calinoiu" wrote: [E] What is the difference between my program trusting it, and CLR > "Eugene" <Eugene@discussions.microsoft.com> wrote in message > news:1036870E-A959-47A1-B17D-BA2F1939D150@microsoft.com... > > Hi, can I configure/program my vb.net exe/dll to trust on only a > > particular > > Certification Authority (CA)? > > Yes, but you can't make the CLR trust only your CA. trusting it? [quoted text, click to view] > [E] Yes, mine is a plug-in scenario, I wouldn't know the exact identity > > For example, I would create a new CA, it would > > certainly those dlls that I created. Then, my exe would trust only this > > CA, > > thus only those dlls that I created. > > What you actually want is for the CLR to access only your CA for certificate > verification when your assemblies are loaded, and this is not possible > without modifying the CLR itself. [E] My own program would load the dll using reflection. > > > > What I want to do is to prevent someone else of creating new dlls without > > my > > knowledge, and runs it with my program. > > You can't. If they have physical control over the deployment, they can > modify your DLLs as well as swapping in entirely new DLLs. There is nothing > you can do to completely prevent this, although obfuscation can be used to > make this sort of thing more difficult. > > > > If my program can trust the trusted > > CA configured at IE, then they can just create their own CA and trust > > their > > own dll, and cause my program to trust them too, right? > > > > I don't think I can just simply use strong name as my program loads these > > dlls using reflection, rather than direct referencing them. > > Strong name verifications will only protect against spoofing attempts by > partially trusted code. They are useful, but not against the type of > in-situ assembly swapping that you envisage. > > BTW, if you know the identity of your assemblies, why are you loading them > via reflection? Is this a plug-in scenario and, if so, are you attempting > to limit plugins that can be loaded to only those signed with a certificate > from your CA? until runtime. So, I would want to limit plugins that my program would load; how should I do this? [quoted text, click to view] > [E] Consider we can obfuscate the code, which makes it harder to modify > > > Or, is there any other way that I can achieve my objective? > > I have look at other security topics including code access security, but I > > don't understand them, and I don't know which one can actually help me > > solve > > my issue. > > Obfuscation is probably worth considering. Also, if you're loading plug-in > assemblies, then you can control criteria for the issuing CA for an > assembly's signature, but this won't be particularly useful unless you make > it difficult to modify the code that verifies the CA identity. the code; how can i "can control criteria for the issuing CA for an assembly's signature" ? Thanks, I don't have much knowledge or experience on this, I would need a clearer description and help. Thanks again. [quoted text, click to view] >
[quoted text, click to view]
"Eugene" <Eugene@discussions.microsoft.com> wrote in message news:83483BE8-9674-4302-8084-C506DA0F8533@microsoft.com... > Thanks, please see my follow up question below. > > "Nicole Calinoiu" wrote: > >> "Eugene" <Eugene@discussions.microsoft.com> wrote in message >> news:1036870E-A959-47A1-B17D-BA2F1939D150@microsoft.com... >> > Hi, can I configure/program my vb.net exe/dll to trust on only a >> > particular >> > Certification Authority (CA)? >> >> Yes, but you can't make the CLR trust only your CA. > [E] What is the difference between my program trusting it, and CLR > trusting it? If you want to prevent the CLR from loading an assembly based on the CA that issued its authenticode signing certificate, you would need to modify the CLR's behaviour in a way that is not possible without hacking the CLR. However, you can certainly add a CA verification to your own code that loads your plug-in assemblies. [quoted text, click to view] > [E] Yes, mine is a plug-in scenario, I wouldn't know the exact identity > until runtime. So, I would want to limit plugins that my program would > load; > how should I do this? The easiest approach would probably involve simply checking the issuing CA for the assembly signing certificate. For example, if the CA name is enough for you, something like this should do the trick: private bool CheckCA(Assembly assembly) { bool retVal = false; Publisher publisher = this.GetPublisher(assembly); if (publisher != null) { retVal = (publisher.Certificate.Issuer == "<your CA>"); } return retVal; } private Publisher GetPublisher(Assembly assembly) { IEnumerator evidenceEnumerator = assembly.Evidence.GetEnumerator(); while (evidenceEnumerator.MoveNext()) { Publisher publisherEvidence = evidenceEnumerator.Current as Publisher; if (publisherEvidence != null) return publisherEvidence; } return null; } In the above approach, you don't need to check if the assembly's authenticode signature is valid since publisher evidence is not issued by the CLR for an assembly with an invalid signature. [quoted text, click to view] > [E] Consider we can obfuscate the code, which makes it harder to modify > the code; how can i "can control criteria for the issuing CA for an > assembly's signature" ? Thanks, I don't have much knowledge or experience > on > this, I would need a clearer description and help. Thanks again. If you don't obfuscate the code that performs the CA verification, it would be trivial to modify your application to eliminate or modify the verification. Obfuscation just makes it more difficult to find the code that performs the verification then figure out exactly what it is doing.
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |