Microsoft .NET and Security Provided by High-Level Internet Protocols
نویسندگان
چکیده
This paper describes a class of insecure .NET client applications, which avoid higher layer protocol protection through using a “raw” send and receive API. The .NET Framework rests on many other Microsoft components, including the Windows Driver Model (WDM). This model supports four driver types, two of which were considered in this paper: protocol and miniport drivers. By compiling and executing client applications using the “raw” sockets interface, we demonstrate that insecure clients can be written with minimal programming effort (lines of code).
منابع مشابه
Security architecture of the Microsoft .NET framework
The current trend in today’s software development and deployment is to distribute software functionality within a distributed environment. This trend is clearly illustrated by Microsoft’s drive towards promoting software functionality as loosely coupled web services that can be accessed by common Internet protocols. As a result, many computer systems are becoming increasingly complex leading to...
متن کاملMicrosoft .NET and Security Provided by High-Level Internet Protocols1
This paper describes a class of insecure .NET client applications, which avoid higher layer protocol protection through using a raw sockets API. The .NET Framework rests on many introduced by Microsoft operating systems components, including the Windows Driver Model (WDM). The basic model supports four driver types, the two most relevant of which were considered in this paper: protocol and mini...
متن کاملAn Architecture for Security and Protection of Big Data
The issue of online privacy and security is a challenging subject, as it concerns the privacy of data that are increasingly more accessible via the internet. In other words, people who intend to access the private information of other users can do so more efficiently over the internet. This study is an attempt to address the privacy issue of distributed big data in the context of cloud computin...
متن کاملFormal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاملRule-based Programs Describing Internet Security Protocols
We present a low-level specification language used for describing real Internet security protocols. Specifications are automatically generated by a compiler, from TLA-based high-level descriptions of the protocols. The results are rule-based programs containing all the information needed for either implementing the protocols, or verifying some security properties. This approach has already been...
متن کامل