.NET Framework Security

for RuBoard

Chapter 11. Verification and Validation: The Backbone of .NET Framework Security

By Sebastian Lange

IN THIS CHAPTER

Assemblies are the development and deployment unit in the world of managed code. Assemblies are also what Code Access Security (CAS) is designed around; they are the unit of security configuration and enforcement. Administrable Code Access Security policy grants permissions to assemblies. The Code Access Security infrastructure, in turn, enables APIs that expose resources such as the registry or the file system to check that all calling assemblies have been granted sufficient permissions to access the resource. However, if an assembly could circumvent the CAS policy restrictions by virtue of any information or code contained in the assembly file, the CAS system would not be an effective protection against erroneous or outright malicious code. Code Access Security therefore presupposes a number of checks in order to be effective. This chapter introduces what these checks are and how they affect program development and deployment. In particular, the following concepts will be covered:

To understand the types of checks required to support Code Access Security, it is necessary to review what constitutes an assembly and how an assembly's content could pose a risk to security.
