lect16

Methodstaticvoidmaincilmanaged entrypoint maxstack2

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ing, Lecture 16 9 Example .method static void Main() cil managed { .entrypoint .maxstack 2 ldc.i4.1 ldc.i4.2 add ldstr "1 + 2 = " call void [mscorlib]System.Console::Write(string) call void [mscorlib]System.Console::WriteLine(int32) ret } What happens when ldc.i4.2 instruction is removed? SY32 Secure Computing, Lecture 16 10 Code Verification in .NET All code Type-safe code Verifiable code • • • Verification checks type safety of CIL code Verification type Algorithm will reject some type-safe code Failure doesn't necessarily prevent execution SY32 Secure Computing, Lecture 16 11 Example • C# class Secret contains a private integer field C# Secret • Attacker writes a class Hack with a public integer Attacker Hack field, then attempts to make a Hack reference Hack point to a Secret instance Secret • Bona fide compiler will refuse to compile this Bona type confusion attack… type • …but what if attacker writes in CIL? SY32 Secure Computing, Lecture 16 12 class Secret { private int data; ... } class Hack { public int data; static void Main() { Secret s = new Secret(); Hack h = new Hack(); h = s; System.Console.WriteLine(h.data); } } compiler error SY32 Secure Computing, Lec...
View Full Document

Ask a homework question - tutors are online