Extending .NET Security to Unmanaged Code

  • Conference paper
Information Security (ISC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4176)

Abstract

The number of applications that are downloaded from the Internet and executed on-the-fly is increasing every day. Unfortunately, not all of these applications are benign, and, often, users are unsuspecting and unaware of the intentions of a program. To facilitate and secure this growing class of mobile code, Microsoft introduced the .NET framework, a new development and runtime environment where machine-independent byte-code is executed by a virtual machine. An important feature of this framework is that it allows access to native libraries to support legacy code or to directly invoke the Windows API. Such native code is called unmanaged (as opposed to managed code). Unfortunately, the execution of unmanaged native code is not restricted by the .NET security model, and, thus, provides the attacker with a mechanism to completely circumvent the framework’s security mechanisms.

The approach described in this paper uses a sandboxing mechanism to prevent an attacker from executing malicious, unmanaged code that is not permitted by the security policy. Our sandbox is implemented as two security layers, one on top of the Windows API and one in the kernel. Also, managed and unmanaged parts of an application are automatically separated and executed in two different processes. This ensures that potentially unsafe code can neither issue system calls not permitted by the .NET security policy nor tamper with the memory of the .NET runtime. Our proof-of-concept implementation is transparent to applications and secures unmanaged code with a generally acceptable performance penalty. To the best of our knowledge, the presented architecture and implementation is the first solution to secure unmanaged code in .NET.
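To make the gap the abstract describes concrete, the following added example (not code from the paper) models a subset of .NET's FileIOPermission (Read/Write rights on absolute path prefixes) and compares three routes to the file system: a managed open that runs the runtime's permission demand, a raw P/Invoke to a CreateFile-like native function that skips it entirely, and an interposition layer of the kind the paper places over the Windows API, which maps the Win32 access mask back onto the same policy. The function names, the policy format and the request format are assumptions for illustration; the generic access bits are the real Windows API values.

```python
"""Constructed model of policy enforcement for unmanaged calls under a .NET-style policy.

Added example, not the paper's implementation. It models a subset of .NET's
FileIOPermission (Read/Write on absolute path prefixes) and shows that a
P/Invoke to a native CreateFile-like call bypasses the managed check unless an
interposition layer applies the same policy. Names and formats are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
import ntpath

READ, WRITE = "Read", "Write"

# Generic access bits from the Windows API (real values).
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000


def canonical(path: str) -> str:
    """Collapse '.' and '..' and fold case so prefix checks follow Windows semantics."""
    return ntpath.normcase(ntpath.normpath(path))


@dataclass
class FileIOPermission:
    """Subset of .NET FileIOPermission: rights granted per absolute directory prefix."""
    grants: dict[str, set[str]]

    def __post_init__(self) -> None:
        self.grants = {canonical(k): set(v) for k, v in self.grants.items()}

    def allows(self, path: str, access: str) -> bool:
        p = canonical(path)
        if not ntpath.isabs(p):
            return False  # policy is keyed on absolute prefixes; relative paths are rejected
        for prefix, rights in self.grants.items():
            # match on a directory boundary so C:\Data\App does not cover C:\Data\App2
            if p == prefix or p.startswith(prefix.rstrip("\\") + "\\"):
                if access in rights:
                    return True
        return False


def native_create_file(path: str, desired_access: int) -> str:
    """Stand-in for Win32 CreateFile: the OS knows nothing about the .NET policy."""
    return f"handle:{canonical(path)}"


def managed_open(policy: FileIOPermission, path: str, access: str) -> str:
    """Managed File.Open: the runtime demands the permission before touching the OS."""
    if not policy.allows(path, access):
        raise PermissionError(f"SecurityException: {access} on {path}")
    mask = GENERIC_WRITE if access == WRITE else GENERIC_READ
    return native_create_file(path, mask)


def unmanaged_open_unsandboxed(policy: FileIOPermission, path: str, desired_access: int) -> str:
    """P/Invoke without a sandbox: the policy object is never consulted."""
    return native_create_file(path, desired_access)


def interposed_create_file(policy: FileIOPermission, path: str, desired_access: int) -> str:
    """Sandbox layer over the native call: map the access mask onto the policy and demand it.

    Only the generic bits are modelled; a mask with neither bit set is treated as a
    read so that unrecognised requests land on the deny side rather than pass through.
    """
    needed = set()
    if desired_access & GENERIC_READ:
        needed.add(READ)
    if desired_access & GENERIC_WRITE:
        needed.add(WRITE)
    if not needed:
        needed.add(READ)
    for access in sorted(needed):
        if not policy.allows(path, access):
            raise PermissionError(f"sandbox denied {access} on {path}")
    return native_create_file(path, desired_access)


def outcome(fn, *args) -> str:
    """Reduce a call to 'allowed' or 'denied' for comparison."""
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "denied"


def demo() -> dict[str, str]:
    """Run the three routes against one policy; all inputs are constructed."""
    policy = FileIOPermission({r"C:\Data\App": {READ, WRITE}, r"C:\Windows": {READ}})
    escaped = r"C:\Data\App\..\..\Windows\win.ini"  # '..' walks out of the granted prefix
    return {
        "managed_write_in_grant": outcome(managed_open, policy, r"C:\Data\App\log.txt", WRITE),
        "managed_write_escaped": outcome(managed_open, policy, escaped, WRITE),
        "pinvoke_write_escaped": outcome(unmanaged_open_unsandboxed, policy, escaped, GENERIC_WRITE),
        "sandboxed_write_escaped": outcome(interposed_create_file, policy, escaped, GENERIC_WRITE),
        "sandboxed_read_notepad": outcome(interposed_create_file, policy, r"c:\windows\notepad.exe", GENERIC_READ),
        "sandboxed_sibling_dir": outcome(interposed_create_file, policy, r"C:\Data\App2\x.txt", GENERIC_READ),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `pinvoke_write_escaped` entry is the case the abstract is about: the same request that the managed API refuses succeeds through the native call because nothing between the P/Invoke stub and the OS knows the policy exists. The interposed variant closes that gap only because it canonicalises the path before the prefix comparison; a layer that compared raw strings would be defeated by the `..` segments and by case differences.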

© 2006 Springer-Verlag Berlin Heidelberg

Cite this paper

Klinkoff, P., Kruegel, C., Kirda, E., Vigna, G. (2006). Extending .NET Security to Unmanaged Code. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_1

  • DOI: https://doi.org/10.1007/11836810_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7