extensible multi security contracts for net platform
play

eXtensible Multi Security Contracts for .NET Platform Wiktor Zychla - PowerPoint PPT Presentation

Apr 05, 2023 •193 likes •893 views

Agenda eXtensible Multi Security Contracts for .NET Platform Wiktor Zychla wzychla@ii.uni.wroc.pl Institute of Computer Science University of Wroclaw, Poland .NET Technologies 2006 Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  1. Agenda eXtensible Multi Security Contracts for .NET Platform Wiktor Zychla wzychla@ii.uni.wroc.pl Institute of Computer Science University of Wroclaw, Poland .NET Technologies 2006 Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  2. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part I Static vs Dynamic Security 1 Design by Contract 2 What is eXtensible Multi Security 3 Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  3. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part II Introduction to Proof-Carrying-Code 4 Central Theorem of PCC 5 PCC Certification Protocol 6 Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  4. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part III PCC for XMS 7 Symbolic Evaluation 8 How it works 9 10 First example 11 Other Aspects of OO Languages 12 Example Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  5. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part IV 13 High-Level Paradigms 14 Compilation issues 15 Integration Strategies Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  6. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part V 16 Dynamic XMS Contracts Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  7. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part VI 17 Applications of XMS Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  8. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part VII 18 Validation of XMS Certificates 19 Implementation Details Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  9. Part I: Overview of XMS Part II: Proof-Carrying-Code Paradigm Part III: Static XMS Contracts for MSIL Part IV: Towards High-Level Langauges Agenda Part V: Dynamic XMS Contracts Part VI: Applications of XMS Part VII: XMS Internals Part VIII: Future of XMS Outline of Part VIII 20 Future of XMS 21 Availability of XMS Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  10. Security Policy Design by Contract What is eXtensible Multi Security Part I Overview of XMS Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  11. Security Policy Design by Contract What is eXtensible Multi Security Security Policy The Security Policy is a formal set of rules and restrictions that somehow tells us which programs are valid and which are invalid and should be considered illegal, unsafe. memory safety type safety control flow safety information flow safety code correctness Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  12. Security Policy Design by Contract What is eXtensible Multi Security Language-Based Security The Security Policy must be formal and objective. Language-Based Security Policies exploit the semantics of programming languages, operating systems and/or runtime environments. Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  13. Security Policy Design by Contract What is eXtensible Multi Security Enforcing a Security Policy How do we enforce a security policy? Dynamic security Policy is constantly checked at run time Needs to be supported by a runtime environment Static security Validation result does not require the code to be actually run Valiadtion may reject valid code Does not to be supported by a runtime environment Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  14. Security Policy Design by Contract What is eXtensible Multi Security Design by Contract Communication between entities is based on obligations which take the form of predicates . Specification of a method is a quadruple: Spec F = ( Sig F , Pre F , Post F , Inv F ) where Sig F is a method’s signature, Pre F is a precondition predicate, Post F is a postcondition predicate, Inv F is a partial function that maps instruction numbers to invariants. Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  15. Security Policy Design by Contract What is eXtensible Multi Security DBC Security Policy The Design By Contract Security Policy states that a method F is safe when the precondition Pre F holds upon the invocation the postcondition Post F holds when F returns a invariant Inv F ( i ) holds when i -th instruction is executed Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  16. Security Policy Design by Contract What is eXtensible Multi Security eXtensible Multi Security Framework eXtensible Multi Security Framework is a security framework for Microsoft Intermediate Language. It currently supports static and dynamic Contract Security Policy. Its primary focus is static verification. Static verification engine works directly on MSIL based on Proof-Carrying-Code paradigm Dynamic verification engine much easier than the other instrumentates code by using Context-Bound objects Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  17. Security Policy Design by Contract What is eXtensible Multi Security Evolution of XMS DBC/PCC implementation for a toy C-like language concurrent work on other formal security policies currently beeing ported to the enterprise world [.NET] Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  18. Security Policy Design by Contract What is eXtensible Multi Security Benefits of XMS XMS is designed to certify the MSIL language, one of the most widely used enterprise intermediate languages. To support XMS the .NET Runtime Environment does not need to be changed in any way. XMS certificates are compatible with existing high-level .NET languages. A high-level language developer does not need to know MSIL to certify the code. XMS certificates are built around the notion of PCC thus inherit all desirable properties of PCC: the certificates are sufficient to guarantee that the code is valid, the authority of a code producer is completely insignificant to the code security. Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  19. Introduction to PCC Central Theorem of PCC PCC Certification Protocol Part II Proof-Carrying-Code Paradigm Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  20. Introduction to PCC Central Theorem of PCC PCC Certification Protocol Proof-Carrying-Code Proof-Carrying-Code (PCC) paradigm has been proposed by George Ciprian Necula in 1998. It is a generalisation of many eariler Language-Based Security techniques. Three key ideas Verification Condition (VC), a logic predicate that contains the information about the program execution. Verification Condition Generator (VCGen), a utility which rebuilds VCs from modules of given language Proof Checker, a utility which is able to verify the correspondence between a logic predicate and its formal proof Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  21. Introduction to PCC Central Theorem of PCC PCC Certification Protocol Central PCC Theorem The Central PCC Theorem states that: For given Safety Policy S and code F, if the Verification Condition for S applied to F is valid, i.e. S | = VC S ( F ) then the code F is safe according to S. Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  22. Introduction to PCC Central Theorem of PCC PCC Certification Protocol Central PCC Theorem - challenges Such generality raises severe challenges: safety policy S must be expressed with a formal logic sound and complete proof system must exist for S VCGen must be built for the language the Security Theorem must be proved Original PCC was defined for Type-Safety of simple generic RISC-like assembly language. Wiktor Zychla eXtensible Multi Security, Contracts for .NET

  23. Introduction to PCC Central Theorem of PCC PCC Certification Protocol PCC Certification Protocol Wiktor Zychla eXtensible Multi Security, Contracts for .NET

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Extensible Platform for Evaluating Security Protocols Seny Kamara joint with L. Ballard, R.

An Extensible Platform for Evaluating Security Protocols Seny Kamara joint with L. Ballard, R.

An Extensible Platform for Evaluating Security Protocols Seny Kamara joint with L. Ballard, R. Caudy, D.Davis, F. Monrose Outline Objectives High-level architecture Plugin architecture Case studies Objectives Security

1k views • 47 slides
A multi- -layer layer A multi A multi-layer research and training platform research and

A multi- -layer layer A multi A multi-layer research and training platform research and

Final Workshop of CDC 2002-2007 Tallinn, Brotherhood of the Blackheads, 21 22 January 2008 A multi- -layer layer A multi A multi-layer research and training platform research and training platform research and training platform for

769 views • 35 slides
Egg: An Extensible and Economics-Inspired Open Grid Computing Platform David C. Parkes Division

Egg: An Extensible and Economics-Inspired Open Grid Computing Platform David C. Parkes Division

Egg: An Extensible and Economics-Inspired Open Grid Computing Platform David C. Parkes Division of Engineering and Applied Sciences Harvard University GECON 2006 Grids internal realm: Java, python, C++, applications Science,

623 views • 38 slides
Plugins for the Isabelle Platform: A Perspective for Logically Safe, Extensible, Powerful and

Plugins for the Isabelle Platform: A Perspective for Logically Safe, Extensible, Powerful and

Plugins for the Isabelle Platform: A Perspective for Logically Safe, Extensible, Powerful and Interactive Formal Method Tools Burkhart Wolff Universit Paris-Sud (Technical Advice by: Makarius Wenzel, Universit Paris-Sud) What I am not

668 views • 54 slides
European Multi-Stakeholder Platform (MSP) on ICT Standardisation AGENDA I European

European Multi-Stakeholder Platform (MSP) on ICT Standardisation AGENDA I European

Bienvenue European Multi-Stakeholder Platform (MSP) on ICT Standardisation AGENDA I European Multi-Stakeholder Platfom (MSP) on ICT Standardisation II Rolling Plan for ICT Standardisation A Key enablers and security B Societal

796 views • 56 slides
HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data Security February 2016 Data Security Impacts Design and Delivery of Big Data Projects Data Security frequently is a leading Role Security Impacts

545 views • 23 slides
Analizo: an Extensible Multi-Language Source Code Analysis and Visualization Toolkit Antonio

Analizo: an Extensible Multi-Language Source Code Analysis and Visualization Toolkit Antonio

Analizo: an Extensible Multi-Language Source Code Analysis and Visualization Toolkit Antonio Terceiro , Joenio Costa, Joo Miranda, Paulo Meirelles, Luiz Romrio Rios, Lucianna Almeida, Christina Chavez, Fabio Kon UFBA Introduction

1.27k views • 21 slides
XPDL: Extensible Platform Description Language to Support Energy Modeling and Optimization

XPDL: Extensible Platform Description Language to Support Energy Modeling and Optimization

XPDL: Extensible Platform Description Language to Support Energy Modeling and Optimization Christoph Kessler, Lu Li, Aras Atalar and Alin Dobre christoph.kessler@liu.se, lu.li@liu.se 1 / 25 Agenda Motivation A Review of PDL XPDL Features

2.14k views • 26 slides
Heterogeneous Multi-Computer System A New Platform for Multi-Paradigm Scientific Simulation

Heterogeneous Multi-Computer System A New Platform for Multi-Paradigm Scientific Simulation

Heterogeneous Multi-Computer System A New Platform for Multi-Paradigm Scientific Simulation Taisuke Boku, Hajime Susa, Masayuki Umemura, Akira Ukawa Center for Computational Physics, University of Tsukuba Junichiro Makino, Toshiyuki

531 views • 29 slides
Discovery Environment Extensible Data Science workbench and data-centric collaboration platform

Discovery Environment Extensible Data Science workbench and data-centric collaboration platform

Discovery Environment Extensible Data Science workbench and data-centric collaboration platform powered by iRODS CyVerse Discovery Environment Development Team University of Arizona Agenda Discovery Environment (DE) Overview Overview

335 views • 16 slides
Common Security Requirement Language for Procurements & Maintenance Contracts Julio

Common Security Requirement Language for Procurements & Maintenance Contracts Julio

Common Security Requirement Language for Procurements & Maintenance Contracts Julio Rodriguez Idaho National Laboratory National Cyber Security Division (NCSD) Control Systems Security Program (CSSP) December 8, 2006 1 Background

682 views • 13 slides
Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security

Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security

CS 155 Spring 2018 Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security Introduction: platforms and trends Threat categories Physical, platform malware, malicious apps Defense

1.17k views • 93 slides
Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web

Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web

Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web script security: threats and countermeasures A formal model of web scripts Information flow security Secure multi-execution The

2.25k views • 131 slides
Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction:

Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction:

Spring 2018 CS 155 Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction: platforms and trends Threat categories n Physical, platform malware, malicious apps Defense against physical theft Thurs

1.28k views • 64 slides
Chainspace: A Sharded Smart Contracts Platform Written By: Mustafa Al-Bassam, Alberto Sonnino,

Chainspace: A Sharded Smart Contracts Platform Written By: Mustafa Al-Bassam, Alberto Sonnino,

Chainspace: A Sharded Smart Contracts Platform Written By: Mustafa Al-Bassam, Alberto Sonnino, Shehar Bano, Dave Hrycyszyn, and George Danezis Presented By: Aaron Zhang Outline Introduction System Overview The Chainspace

1.04k views • 34 slides
Mobile Multi-Service Smart Room Client: Initial Study for Multi-Platform Development Andrey S.

Mobile Multi-Service Smart Room Client: Initial Study for Multi-Platform Development Andrey S.

Mobile Multi-Service Smart Room Client: Initial Study for Multi-Platform Development Andrey S. Vdovenko, Sergey A. Marchenkov, Dmitry G. Korzun Petrozavodsk State University Department of Computer Science This project is supported by grant

448 views • 15 slides
CBD COMMUNITY REFERENCE GROUP MEETING NO.9 18 MAY 2018 JOHN HOLLAND MANAGING CONTRACTOR - EARLY

CBD COMMUNITY REFERENCE GROUP MEETING NO.9 18 MAY 2018 JOHN HOLLAND MANAGING CONTRACTOR - EARLY

CBD COMMUNITY REFERENCE GROUP MEETING NO.9 18 MAY 2018 JOHN HOLLAND MANAGING CONTRACTOR - EARLY WORKS METRO TUNNEL EARLY WORKS TOWN HALL STATION UPDATE TOWN HALL STATION TIMELINE EARLY WORKS Indicative timeline only KFC DEMOLITION

569 views • 46 slides
Contracts in Clojure: Settling Types vs Tests @jessitron What do we know? How do we know it?

Contracts in Clojure: Settling Types vs Tests @jessitron What do we know? How do we know it?

Contracts in Clojure: Settling Types vs Tests @jessitron What do we know? How do we know it? Informal Reasoning Formal Experimental Proofs Evidence // Scala def formatReport(data: ReportData): ExcelSheet types (defn format-report

1.33k views • 89 slides
Testing C++ Generic Libraries Ali Alnajjar Supervisor:Magne Haveraaen intro Ad hoc style

Testing C++ Generic Libraries Ali Alnajjar Supervisor:Magne Haveraaen intro Ad hoc style

Testing C++ Generic Libraries Ali Alnajjar Supervisor:Magne Haveraaen intro Ad hoc style tests: written against simple concrete inputs e.g arrays of int in response to specific defect reports exercise only a few specific cases

304 views • 11 slides
The Critical Role of Planning in Marina Redevelopment Competitive Adaptation for Facilities

The Critical Role of Planning in Marina Redevelopment Competitive Adaptation for Facilities

The Critical Role of Planning in Marina Redevelopment Competitive Adaptation for Facilities Marina History Abridged After the construction boom of the 1970s to 1990s, marinas experienced a golden age. Second Age of Marina

536 views • 39 slides
CEF.AT platform Spyridon Pilos DG Translation, Language applications Vilnius, 24 February 2016

CEF.AT platform Spyridon Pilos DG Translation, Language applications Vilnius, 24 February 2016

How can public services benefit from the CEF.AT platform Spyridon Pilos DG Translation, Language applications Vilnius, 24 February 2016 Public services and machine translation Multilingualism and machine translation Now: MT@EC

411 views • 21 slides
Use of the Machine Translation Module within Dj Vu X2 Quick Guidance Introduction Machine

Use of the Machine Translation Module within Dj Vu X2 Quick Guidance Introduction Machine

Use of the Machine Translation Module within Dj Vu X2 Quick Guidance Introduction Machine Translation has now become incontrovertible in the translation industry. We at Atril put efforts in providing best help to the translation actors. In

393 views • 6 slides
info@bildmedia.net bildmedia a nordic company delivering everywhere Photography - Products, Ad-

info@bildmedia.net bildmedia a nordic company delivering everywhere Photography - Products, Ad-

info@bildmedia.net bildmedia a nordic company delivering everywhere Photography - Products, Ad- Video - We are probably one of Design - We are creative, flex- vertisement, Portraits, Social the fastest delivering of high ible and experienced.

219 views • 21 slides
Shallow-transfer rule-based machine translation for Swedish to Danish Francis M. Tyers Jacob

Shallow-transfer rule-based machine translation for Swedish to Danish Francis M. Tyers Jacob

Shallow-transfer rule-based machine translation for Swedish to Danish Francis M. Tyers Jacob Nordfalk Dept. Lleng. i Sist. Center for Informtics, Videreuddannelse Universitat dAlacant, Ingenirhjskolen i Kbenhavn Alacant.

224 views • 20 slides

More recommend