KATHOLIEKE UNIVERSITEIT LEUVEN

.NET Curriculum Workshop

Teaching Software Security: Case Studies on the .NET Framework

Frank Piessens and Wouter Joosen

([email protected]@cs.kuleuven.ac.be)

Who am I

• Professor at the Department of Computer Science, KULeuven, Belgium

• Member of the DistriNet research group on distributed systems and computer networks

• Research focus:
  – Software security: secure programming languages, security in component models and frameworks, security engineering

Why am I here?

• Our university has a “security-intensive” computer science curriculum

• The “secure software” course was an early adopter of .NET technologies in university courses

• Report on our experiences integrating .NET into that course

Outline of the presentation

• Introduction
• Overview of the secure software course
• Case studies and projects on .NET
• Zooming in on some project assignments
• Conclusion

Introduction

• Software is more and more Internet accessible
  => importance of software security increases

• Developing secure software is a complex matter
  – Complex technologies
  – Binding security technologies to an application is hard
  – Implementation vulnerabilities
  – Hard to test security
  – …

• Hence, it is important to integrate courses on secure software development in computer science curricula

Introduction

• At the K.U.Leuven, we started developing such a course 5 years ago
  – It is being taught for the 5th time to an average of some 100 students per year
  – Fragments of the course have been presented
    • At industry conferences
    • At academic conferences
  – Teaching materials for the course are available on the web (see URL at the end of the presentation)

Overview of the course

• Part I: Introduction
• Part II: Security Technologies
  – Security technology = reusable algorithm/model/service that realizes a security objective
• Part III: Building Secure Applications
  – Secure application: application that enforces correct rules of usage
    • By correct and appropriate use of security technologies
    • By ensuring high quality of implementation
• Part IV: Conclusion

Overview of the course

• Part I: Introduction
  – General security concepts: threat, vulnerability, countermeasure, risk, …
  – Security for an administrator versus security for a developer
  – Case study: perform a threat and vulnerability analysis on a simplified e-mail system

Overview of the course

• Part II: Software Security Technologies
  – Cryptographic primitives
  – Cryptographic Service Provider based libraries
  – Cryptographic protocols
  – Software interfaces to protocols
  – Access control models
  – Access control in operating systems and application servers
  – Untrusted code security

Overview of the course

• Part III: Secure Software Applications
  – Threat analysis
  – Secure design principles
  – Integrating security technologies in applications
  – Implementation vulnerabilities
  – Enriching a software engineering process for security

• Part IV: Conclusion
  – Case study revisited
  – Current challenges

Overview of the course

• What is available online?
  – The course is given at our university as a 20h course with 30h time for exercises/projects
    • Slides are available for most of the lectures
    • Lecture notes are available for approximately half of the lectures
    • A web site with related links for all covered material
    • Project assignments (not solutions)

Case studies and projects on .NET

• The course is a conceptual course, but illustrates concepts with their implementation in real-life systems

• The .NET Framework is used to illustrate implementation of most of the security technologies in Part II of the course
  – The cryptographic libraries in .NET are discussed as an example implementation of a CSP based crypto library
  – Code Access Security is discussed as an example implementation of untrusted code sandboxing
  – .NET declarative role based access control is discussed as an example implementation of application level access control

Case studies and projects on .NET

• The .NET material is relatively new
  – Before: Java and Windows 2000
  – Does the .NET case add value with respect to the Java case?
• Two examples:
  – Comparison of crypto libraries in Java and .NET
  – Comparison of sandboxing in Java and .NET

Crypto libraries

• All modern cryptographic libraries are structured around the concept of Cryptographic Service Providers (CSP)

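[Figure: applications (App1, App2, App3, …) call the cryptographic framework through its API; providers (CSP1, CSP2, CSP3, …) plug into the framework through its SPI.]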

Crypto libraries

• Java and .NET implement decoupling differently
  – Java: decoupling based on the bridge design pattern
    • API objects encapsulate an SPI object that does the real work
  – .NET: decoupling based on inheritance
    • SPI classes inherit from API classes
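
The two decoupling styles side by side in C#, as an added example that is not taken from the slides or the course material. The bridge half uses hypothetical names (IDigestSpi, ProviderASha256, BridgeDigest) to mimic the Java-style structure; the inheritance half uses the real System.Security.Cryptography.SHA256 class.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Bridge style: the SPI is a separate type that providers implement (hypothetical names).
interface IDigestSpi { byte[] Digest(byte[] data); }

// Hypothetical provider; it borrows the platform SHA-256 to stay short.
sealed class ProviderASha256 : IDigestSpi
{
    public byte[] Digest(byte[] data)
    {
        using (SHA256 h = SHA256.Create()) return h.ComputeHash(data);
    }
}

// API object seen by applications; it encapsulates the SPI object that does the work.
sealed class BridgeDigest
{
    private readonly IDigestSpi spi;
    private BridgeDigest(IDigestSpi spi) { this.spi = spi; }
    public static BridgeDigest GetInstance(string algorithm)
    {
        // A real framework would look the provider up in a registry.
        if (algorithm == "SHA-256") return new BridgeDigest(new ProviderASha256());
        throw new ArgumentException("no provider for " + algorithm);
    }
    public byte[] Digest(byte[] data) { return spi.Digest(data); }
}

static class Demo
{
    static void Main()
    {
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample input");

        // Bridge: the application only ever holds the API object.
        BridgeDigest d = BridgeDigest.GetInstance("SHA-256");
        Console.WriteLine(BitConverter.ToString(d.Digest(msg)));

        // Inheritance: SHA256 is the abstract API class, and the factory
        // hands back a provider class that derives from it.
        using (SHA256 h = SHA256.Create())
        {
            Console.WriteLine(h.GetType().FullName + " : " + typeof(SHA256).FullName);
            Console.WriteLine(BitConverter.ToString(h.ComputeHash(msg)));
        }
    }
}
```

Both halves print the same digest; the difference is whether the provider sits behind the API object or is itself a subclass of the API class.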

Sandboxing in Java and .NET

• Both Java and .NET implement stack inspection based configurable sandboxing

• But again, both implementations differ significantly
  – Integration of user based access control is different
  – Granularity of permissions and stack walk modifiers is different
  – Extensibility is different
  – …
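
A toy model of the stack walk that both platforms build on, as an added example that is not from the slides or from either runtime. The Frame type, the "FileIO" permission name and the call stacks are constructed for illustration; Assert stands for one stack walk modifier.

```csharp
using System;
using System.Collections.Generic;

// Toy model (hypothetical types, not the CLR's): one frame per method on the
// call stack, with the permissions granted to its assembly and an optional
// asserted permission (a stack walk modifier).
sealed class Frame
{
    public readonly string Name;
    public readonly string Asserted;
    public readonly HashSet<string> Granted;
    public Frame(string name, string asserted, params string[] granted)
    {
        Name = name; Asserted = asserted; Granted = new HashSet<string>(granted);
    }
}

static class StackInspection
{
    // stack[0] is the entry point; the last element is the immediate caller.
    // Every frame walked must hold the permission. A frame that holds it and
    // asserts it stops the walk, vouching for its own callers.
    public static bool Demand(IList<Frame> stack, string perm)
    {
        for (int i = stack.Count - 1; i >= 0; i--)
        {
            if (!stack[i].Granted.Contains(perm)) return false;
            if (stack[i].Asserted == perm) return true;
        }
        return true;
    }

    static void Main()
    {
        var plugin = new Frame("DownloadedPlugin", null);
        var logger = new Frame("TrustedLogger", null, "FileIO");
        var asserting = new Frame("TrustedLogger", "FileIO", "FileIO");
        var greedy = new Frame("DownloadedPlugin", "FileIO");
        var io = new Frame("FileLibrary", null, "FileIO");

        // Untrusted code reaches the file library through trusted code: refused.
        Console.WriteLine(Demand(new[] { plugin, logger, io }, "FileIO"));
        // The trusted logger asserts FileIO for its own log file: allowed.
        Console.WriteLine(Demand(new[] { plugin, asserting, io }, "FileIO"));
        // Asserting a permission that was never granted changes nothing.
        Console.WriteLine(Demand(new[] { greedy, io }, "FileIO"));
    }
}
```

The second case is why trusted code that asserts a permission has to validate what its callers pass in: the assert removes the protection the full walk would have given.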

Projects and exercises on .NET

• Students can do projects and exercises on the .NET framework or the SSCLI (Rotor)

• We distinguish three “levels”:
  – Simple exercises: a few hours of work
  – Implementation projects: 20 – 40 hours of teamwork
  – Advanced projects: several hundred hours of work, typically in the context of a master thesis
    • Some of them closely linked to our research
    • E.g. Context bound objects for application level access control

Example implementation project: pluggable authentication

• Problem statement: In the .NET framework, authentication can be done:
  – By relying on Windows authentication
  – By custom developed authentication code

Both approaches have their disadvantages.

Example implementation project: pluggable authentication

• Assignment: Design an authentication framework for .NET. The framework should offer a simple uniform authentication API to applications. Implementations of authentication mechanisms should be easy to plug into the framework. The selection of what authentication mechanisms to use should be set by a configuration file. Authentication should be well integrated with role based authorization.

Example implementation project: pluggable authentication

• Discussion: The project introduces students to many aspects of .NET security:
  – Use of the crypto APIs
  – User based access control
  – Building a secure assembly

• An example solution (PAM.NET) that runs on Rotor and the CLR was developed by Bert Lagaisse.
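
One possible shape for the core of such a framework, as an added example; it is not PAM.NET and not part of the course material. IAuthModule, DemoModule and Authenticator are hypothetical names, the account is constructed, and the moduleTypeName argument stands for the value read from the configuration file.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Uniform contract every mechanism implements (hypothetical name).
public interface IAuthModule
{
    // Returns the user's roles on success, null on failure.
    string[] Authenticate(string user, string secret);
}

// Constructed demo mechanism with one in-memory account; a real module
// would verify against Windows, a directory or a salted password store.
public sealed class DemoModule : IAuthModule
{
    public string[] Authenticate(string user, string secret)
    {
        return (user == "alice" && secret == "constructed-demo-secret")
            ? new[] { "Clerk" } : null;
    }
}

public static class Authenticator
{
    // moduleTypeName stands for the value read from the configuration file.
    public static bool Login(string moduleTypeName, string user, string secret)
    {
        Type t = Type.GetType(moduleTypeName, false);
        // Refuse anything that is not a concrete authentication module.
        if (t == null || t.IsAbstract || !typeof(IAuthModule).IsAssignableFrom(t))
            throw new InvalidOperationException("bad module: " + moduleTypeName);
        var module = (IAuthModule)Activator.CreateInstance(t);
        string[] roles = module.Authenticate(user, secret);
        if (roles == null) return false;
        // Publishing the identity here is what ties authentication to
        // role based authorization (IsInRole, PrincipalPermission).
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user, t.Name), roles);
        return true;
    }

    static void Main()
    {
        bool ok = Login("DemoModule", "alice", "constructed-demo-secret");
        Console.WriteLine(ok && Thread.CurrentPrincipal.IsInRole("Clerk"));
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Manager"));
    }
}
```

Because the configuration file decides which type gets instantiated, it needs the same protection as code: whoever can edit it chooses the authentication mechanism.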

Example advanced project: typing information as evidence

• Problem statement:
  – Type systems increase security in a number of ways.
  – Supporting a new type system in a programming language or in MSIL is a substantial effort.
  – Can the Code Access Security system be used to check security-related type information?

Example advanced project: typing information as evidence

• Assignment: Pick a security relevant type system (e.g. types for safe concurrency), and design a new kind of evidence that captures the type information in that system. Design typing rules for IL, and implement a verifier. Integrate the verifier with the Code Access Security system.

Example advanced project: typing information as evidence

• Discussion: Students gain deep knowledge about:
  – IL and IL typing
  – The Code Access Security System

• A simplified version of the assignment was implemented by a master thesis student.

Some other projects

• Implementing a Cryptographic Service Provider
  – Last year, two students integrated the Belgian EID in the .NET Crypto Libraries
• Reusing Code Access Security checks for role based access control
• Design and implement a SOAP firewall
• Design and implementation of applications that use the security APIs intensively
  – Secured chat application
  – Simple encrypting file system
  – Runtime extensible applications
  – …

Conclusion

• Importance of software security is high and growing
• Inclusion of dedicated courses in curricula is desirable
• Our software security course is still in evolution but is slowly stabilizing as a:
  – Conceptual course
  – With illustrations of the concepts on the two application development platforms of the future (Java and .NET), as well as on operating systems/middleware/databases

• Course materials are available (in draft form) at:

http://securitytf.cs.kuleuven.ac.be/teaching/