Finally, we have reached the last topic in our cycle of security lessons on software attacks: the security model of .NET. We will see how CAS works, what evidence and strong names are, etc. I'll also give a hint about the "weakest link" in this model.

NOTE: my assumptions were made for version 1.1 of the framework. Some things were updated in 2.0 (in particular, there is good news on how the new version copes with the "weakest link", but I want to speak about this point more precisely in a future post, since the work I did on this topic allowed me to learn a lot about the .NET runtime/loader and the Windows loader as well!)

dotNETSecurity.ppt (619.5 KB)

Copyright 2020 - Lorenzo Dematte