lect16

SY32 Secure Computing, Lecture 16

    .field public int32 'data'

    .method static void Main() cil managed
    {
      .entrypoint
      .maxstack 2
      .locals init (class [Secret]Secret V_0,
                    class Hack V_1)
      newobj instance void [Secret]Secret::.ctor()
      stloc.0
      newobj instance void Hack::.ctor()
      stloc.1
      ldloc.0
      // type confusion…
      stloc.1
      ldloc.1
      ldfld int32 Hack::'data'
      call void [mscorlib]System.Console::WriteLine(int32)
      ret
    }

…but this code might execute, nevertheless!

Explanation

• Assembly that fails verification may run if loaded from local disk, because such code is trusted fully by default
• Same assembly downloaded from a web server will normally not be executed
• Exact behaviour depends on how code access security policy has been configured

Problems

• IL verification is hard to implement correctly
• Example: bugs in Java's bytecode verifier
    March 1996
    March & May 1997
    April 1999
    March 2002
    January 2003

Restricted Environments

• The Java sandbox
• .NET application domains
• .NET isolated storage

The Classic Java Sandbox

• Applets from the Internet are not trusted and must execute in a sandbox
    Cannot run programs on client machine
    No access to local file system
    Network access restricted to originating site
• Applications from local disk are implicitly trusted and have full privileges of executing user
• Restri...
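Why the Main() listing earlier in these slides fails verification, as an added example that is not part of the lecture: a toy verifier that tracks only the static types on the evaluation stack and flags the `stloc.1` that stores a Secret reference into a local declared as Hack. The tuple encoding of the instructions, the supported opcode subset and the names `MAIN` and `verify` are assumptions of this sketch; a real IL verifier also handles subtyping and control-flow merges.

```python
# Toy IL verifier (added illustration): simulate the evaluation stack
# using declared types only, the core idea behind IL/bytecode verification.

LOCALS = ["Secret", "Hack"]                 # .locals init (V_0, V_1)
FIELDS = {("Hack", "data"): "int32"}        # .field public int32 'data'
MAXSTACK = 2                                # .maxstack 2

# Main() from the slide, encoded as (opcode, operand) tuples (constructed).
MAIN = [
    ("newobj", "Secret"), ("stloc", 0),
    ("newobj", "Hack"),   ("stloc", 1),
    ("ldloc", 0),         ("stloc", 1),     # Secret stored into a Hack local
    ("ldloc", 1),         ("ldfld", ("Hack", "data")),
    ("call", ["int32"]),                    # WriteLine(int32), returns void
    ("ret", None),
]

def verify(code, local_types=LOCALS, fields=FIELDS, maxstack=MAXSTACK):
    """Return a list of (instruction index, message); empty means verifiable."""
    errors, stack = [], []
    def pop(i, expected):
        if not stack:
            errors.append((i, "stack underflow"))
            return
        actual = stack.pop()
        if actual != expected:   # exact match; no subtyping in this sketch
            errors.append((i, f"expected {expected}, found {actual}"))
    for i, (op, arg) in enumerate(code):
        if op == "newobj":
            stack.append(arg)
        elif op == "ldloc":
            stack.append(local_types[arg])   # declared type, not runtime type
        elif op == "stloc":
            pop(i, local_types[arg])
        elif op == "ldfld":
            pop(i, arg[0])                   # object reference of owning class
            stack.append(fields[arg])
        elif op == "call":                   # arg: parameter types; void return
            for p in reversed(arg):
                pop(i, p)
        elif op == "ret":
            if stack:
                errors.append((i, "stack not empty at ret"))
        else:
            errors.append((i, f"unsupported opcode {op}"))
        if len(stack) > maxstack:
            errors.append((i, "exceeds .maxstack"))
    return errors
```

`verify(MAIN)` reports the store at instruction index 5; with the `ldloc.0` / `stloc.1` pair removed, the same method verifies cleanly.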