Microsoft .NET and Security Provided by High -Level Internet Protocols" (2006)

University of North Florida, UNF Digital Commons
All Volumes (2001-2008), The Osprey Journal of Ideas and Inquiry, 2006
Microsoft .NET and Security Provided by High-Level Internet Protocols
Tatiana Melnik, University of North Florida
Follow this and additional works at: http://digitalcommons.unf.edu/ojii_volumes
Part of the Physical Sciences and Mathematics Commons
Suggested Citation: Melnik, Tatiana, "Microsoft .NET and Security Provided by High-Level Internet Protocols" (2006). All Volumes (2001-2008). 65. http://digitalcommons.unf.edu/ojii_volumes/65
This Article is brought to you for free and open access by The Osprey Journal of Ideas and Inquiry at UNF Digital Commons. It has been accepted for inclusion in All Volumes (2001-2008) by an authorized administrator of UNF Digital Commons. For more information, please contact Digital Projects. © 2006 All Rights Reserved

Microsoft .NET and Security Provided by High-Level Internet Protocols
Tatiana Melnik
Faculty Sponsor: Dr. Zornitza Genova Prodanoff, Assistant Professor of Computer Science

Abstract

This paper describes a class of insecure .NET client applications, which avoid higher layer protocol protection through using a "raw" send and receive API. The .NET Framework rests on many other Microsoft components, including the Windows Driver Model (WDM). This model supports four driver types, two of which were considered in this paper: protocol and miniport drivers. By compiling and executing client applications using the "raw" sockets interface, we demonstrate that insecure clients can be written with minimal programming effort (lines of code).

Introduction

The Microsoft .NET (pronounced dot NET) provides an integrated development environment for construction of Web services using eXtensible Markup Language (XML) [16], [6] and Simple Object Access Protocol (SOAP) [17]. The goal of the .NET platform, and Microsoft's larger vision, is to allow better integration of information technology. In the .NET world, people can access their home appliances or office computers from their cellular telephones or personal digital assistants (PDAs).

.NET Framework

Figure 1 shows the two basic .NET Framework components: the Common Language Runtime (CLR) and the Framework Class Library (FCL) [24]. The CLR environment allows the execution of code written in any of several languages. The CLR also provides numerous services to applications, such as elimination of "DLL Hell," and prevention of malicious code execution.

Figure 1. Basic Components of .NET Framework. [Figure: the .NET Framework (.NET SDK), consisting of the Framework Class Libraries on top of the Common Language Runtime, resting on the Windows Operating System.]

The FCL is a collection of classes, interfaces, and value types and is included in the Microsoft .NET Framework SDK [13]. Through the FCL programmers can easily reuse common functions as well as gain access to other .NET high-level services.

Client-Server vs. Distributive Architecture

Using distributive computing, Microsoft wants to create a distributed operating system [25], where all applications are located on the network level and users request an application as a service. Currently in distributive computing, the workload is spread over multiple computers where each computer performs a smaller piece of the larger task. The .NET platform, however, has programs located on the network level. Thus "a single application may comprise services accessed from different computers at various locations around the town" [25].

Presently, much of Internet communication follows the client-server model, which is based on communication between two computers: a client and a server. The client establishes a connection and requests the information or service, and the server provides the requested information or service. Once the server transmits the information or service requested, the communication ends.

The .NET platform allows for similar communication. Programmers can write programs that provide services and transfer them to the platform. Users (i.e., other clients) can request the services from the platform.

The .NET approach differs from the traditional client-server model in that programmers can use modules written by other programmers in their own code. More specifically, when a programmer writes code and sends it to the platform, other programmers can use that code, or that service, without physically seeing the code. They would simply "plug in" the code from the platform into their own work. Therefore, the communication between the client and server does not end immediately. Rather, the communication is semi-continuous. Since both of the programs will be located on the network level, they will be linked. That is, the application relying on the foreign code will not function properly without access to the foreign code.

As demonstrated in Figure 2, in order to write and run the code, both computers must install the .NET Framework, including the Common Language Runtime (CLR). This is necessary because the code is compiled into the Microsoft Intermediate Language (MSIL), which allows for machine-specific execution. One of the goals of .NET is to allow programmers to write code in any language, thus making it platform independent [25]. To achieve such independence, there must be an intermediate step to allow integration into .NET. MSIL is this intermediate step. Once the code is compiled, it can be run on any OS containing the .NET Framework. That is, the application is platform independent. When run, the application employs the CLR.

Figure 2. .NET Framework Platform. [Figure: Client 1, using Windows 98SE and the .NET Framework SDK, writes code in Java, C++, etc., compiles Application 1 into Microsoft Intermediate Language, and sends the application in MSIL format to the .NET Framework. Client 2, using Windows XP and the .NET Framework SDK, requests Application 1, receives the application in MSIL format, and runs Application 1, employing the Common Language Runtime.]

The Scope of this Paper

Microsoft is making a great effort to provide security for the users of their products. Although some publications addressed security issues with the .NET Framework [8], [10], few have addressed security issues regarding any specific implementation of communication protocol stacks. Through writing client applications using "raw" send and "raw" receive packet handling, users avoid the protection provided by these protocols and can gain access to server resources. With this paper we demonstrate that the Microsoft .NET suite allows insecure client applications to bypass the protocol logic of higher layer protocols and use the device driver protocol directly to communicate with the machine hosting the server.

Web Services Security and Communication Protocols

The Internet is a network of networks [11]. That is, wires, routers, and numerous other different devices connect clients and servers, through multiple networks, to each other. When a client attempts to communicate with a server, or a network, via the Internet, the two systems, along with the connecting devices, must follow the same protocols. Web service protocols such as Simple Object Access Protocol (SOAP) run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) [21] and Hyper Text Transfer Protocol (HTTP) [1], [7].

The TCP/IP protocol suite is modular. That is, the protocol uses a layered-design approach, where each layer is encapsulated and independent of the layer above and the layer below. The protocol is divided into five layers: application, transport, internet, network, and physical medium. As Figure 3 demonstrates, each layer provides services to the layer above, and requests services from the layer below. The transport layer, for example, provides a service to the application layer, and requests a service from the internet layer. When the sender sends data, the data traverses through each layer from the top to the bottom.

In order to send or request information from a server (or network), a client must have a physical method of communication with the physical medium (e.g., coaxial cable, twisted-pair cable, fiber optic cable, or air - radio frequency). The network interface card (NIC), such as an Ethernet (IEEE 802.3) adapter, facilitates the communication between a client and the rest of the network. That is, the NIC allows a client to connect to the network.

Sometimes, the data is very large. In order to adequately transfer the data to the receiver, it must be broken down into smaller pieces, or packets. As packets traverse through the layers, each layer adds headers (i.e., overhead) to the original data. The overhead is necessary because it provides essential information regarding the formation and reassembly of packets. When the receiver accepts the packet, the packet traverses from the bottom layer to the top layer, where each layer reads and removes the added overhead.

Figure 3. TCP/IP Layers and Data Transfer over Network. [Figure: at the sender, headers are appended by each protocol layer as the packet traverses the layers (data sent), forming a packet of overhead plus application data; the packet crosses the network; at the receiver, headers are removed as the packet traverses the layers, obtaining the application data from the packet (data received). Protocol layer key: Application, Transport, Internet, Network, Physical.]

Similar to XML, SOAP is also a standard defined by the W3C. In addition, similar to the TCP/IP protocol, the SOAP protocol is also modular. As defined by the W3C, SOAP consists of three parts:

• The SOAP envelope construct defines an overall framework for expressing what is in a message; who should deal with it, and whether it is optional or mandatory.
• The SOAP encoding rules define a serialization mechanism
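The layer-by-layer encapsulation described above, shown as an added Python example that is not part of the paper: a constructed application payload is wrapped in UDP, IPv4 and Ethernet headers on the sender side (top to bottom, as in Figure 3) and then unwrapped again on the receiver side (bottom to top), with the overhead each layer contributes accounted for and each header validated before the next layer is trusted. The MAC addresses, IP addresses and ports are constructed sample values; everything is packed in memory and nothing is sent on a network.

```python
"""Added example (not from the paper): layered encapsulation and decapsulation.

The sender side wraps an application payload in UDP, then IPv4, then Ethernet
headers, mirroring Figure 3 top to bottom; the receiver side strips them in
the opposite order and checks what each layer left behind. Everything is
struct packing in memory; no socket is opened and nothing is transmitted.
"""
import struct

ETH_HDR_LEN = 14   # destination MAC (6) + source MAC (6) + EtherType (2)
IP_HDR_LEN = 20    # IPv4 header with no options
UDP_HDR_LEN = 8    # source port, destination port, length, checksum
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (the RFC 791 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(payload, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    """Sender: each layer prepends its own header. Returns (frame, overhead_by_layer)."""
    overhead = {}
    # Transport layer (UDP). The checksum field is left 0, which IPv4 permits.
    udp = struct.pack("!HHHH", sport, dport, UDP_HDR_LEN + len(payload), 0) + payload
    overhead["transport"] = UDP_HDR_LEN
    # Internet layer (IPv4). The checksum covers the header only; it is computed
    # with the checksum field zeroed and then written in.
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    total_len = IP_HDR_LEN + len(udp)
    fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_UDP, 0, src, dst]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(ip_hdr)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    overhead["internet"] = IP_HDR_LEN
    # Network layer (Ethernet II).
    eth_hdr = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    overhead["network"] = ETH_HDR_LEN
    return eth_hdr + ip_hdr + udp, overhead


def decapsulate(frame: bytes) -> dict:
    """Receiver: strip headers bottom to top, validating each layer before trusting the next."""
    if len(frame) < ETH_HDR_LEN + IP_HDR_LEN + UDP_HDR_LEN:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: EtherType 0x%04x" % ethertype)
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if (ip[0] >> 4) != 4 or ihl < IP_HDR_LEN or total_len > len(ip):
        raise ValueError("malformed IPv4 header")
    # A header whose checksum field is correct sums to zero under the same algorithm.
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != IPPROTO_UDP:
        raise ValueError("not UDP: protocol %d" % ip[9])
    udp = ip[ihl:total_len]
    sport, dport, udp_len, _ = struct.unpack("!HHHH", udp[:UDP_HDR_LEN])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match IP total length")
    return {
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "sport": sport,
        "dport": dport,
        "payload": udp[UDP_HDR_LEN:],
    }


def demo():
    """Round-trip a constructed payload; returns frame size, total overhead and parsed fields."""
    payload = b"hello"   # constructed application data
    frame, overhead = encapsulate(
        payload, "192.0.2.10", "192.0.2.20", 40000, 53,   # documentation-range addresses, sample ports
        src_mac=bytes.fromhex("020000000001"), dst_mac=bytes.fromhex("020000000002"))
    parsed = decapsulate(frame)
    return {"frame_len": len(frame), "overhead": sum(overhead.values()),
            "payload_len": len(payload), "parsed": parsed}


if __name__ == "__main__":
    r = demo()
    print("frame %d bytes = %d overhead + %d data; payload %r from %s:%d" % (
        r["frame_len"], r["overhead"], r["payload_len"], r["parsed"]["payload"],
        r["parsed"]["src_ip"], r["parsed"]["sport"]))
```

For a five-byte payload the frame is 47 bytes, of which 42 are header overhead, which is the point Figure 3 makes about small packets. The receiver side deliberately rejects frames whose lengths or checksum disagree, because a client that writes packets with a raw interface controls every one of those fields, and a parser that trusts them without checking is the first thing such a client defeats.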
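The envelope semantics listed above (what the message contains, who should deal with each header block, and whether a block is optional or mandatory), shown as an added Python example that is not part of the paper: it parses a constructed SOAP 1.1 message with the standard library and refuses it when a header block marked mustUnderstand="1" is one the receiving endpoint does not recognise, which is what the SOAP specification requires of a receiver instead of silently processing the Body. The envelope namespace and attribute names are those of SOAP 1.1; the header and body element names (Transaction, Audit, GetPrice) are made up for the example.

```python
"""Added example (not from the paper): enforcing the SOAP 1.1 envelope rules.

A receiver must know what is in the message (Header blocks and Body), who each
header block is addressed to (the actor attribute) and whether the block is
mandatory (mustUnderstand="1"). A mandatory block the receiver does not
understand means the whole message is rejected with a MustUnderstand fault.
"""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"      # SOAP 1.1 envelope namespace
NEXT_ACTOR = "http://schemas.xmlsoap.org/soap/actor/next"  # "the next node on the message path"


def q(local):
    """Clark-notation name in the SOAP envelope namespace, as ElementTree reports it."""
    return "{%s}%s" % (SOAP_NS, local)


# Constructed sample message; the Transaction, Audit and GetPrice elements are invented.
SAMPLE_ENVELOPE = """<soap:Envelope xmlns:soap="%s">
  <soap:Header>
    <t:Transaction xmlns:t="urn:example:tx" soap:mustUnderstand="1">5</t:Transaction>
    <a:Audit xmlns:a="urn:example:audit" soap:actor="%s">trace-1</a:Audit>
  </soap:Header>
  <soap:Body>
    <m:GetPrice xmlns:m="urn:example:stock"><m:Symbol>MSFT</m:Symbol></m:GetPrice>
  </soap:Body>
</soap:Envelope>
""" % (SOAP_NS, NEXT_ACTOR)


def inspect_envelope(xml_text, understood):
    """Return (accepted, details).

    understood: set of Clark-notation header block names this endpoint can process.
    Any block marked mustUnderstand="1" that is not in the set rejects the message.
    """
    root = ET.fromstring(xml_text)
    if root.tag != q("Envelope"):
        return False, {"fault": "Client", "reason": "not a SOAP 1.1 Envelope"}
    body = root.find(q("Body"))
    if body is None:
        return False, {"fault": "Client", "reason": "missing Body"}
    header = root.find(q("Header"))
    blocks, not_understood = [], []
    for block in ([] if header is None else list(header)):
        mandatory = block.get(q("mustUnderstand"), "0") == "1"
        actor = block.get(q("actor"), "")   # empty means the ultimate receiver
        blocks.append({"name": block.tag, "mandatory": mandatory, "actor": actor})
        if mandatory and block.tag not in understood:
            not_understood.append(block.tag)
    if not_understood:
        # SOAP 1.1 fault code for an unrecognised mandatory header block.
        return False, {"fault": "MustUnderstand", "blocks": not_understood}
    return True, {"headers": blocks, "body": [child.tag for child in body]}


if __name__ == "__main__":
    print(inspect_envelope(SAMPLE_ENVELOPE, set()))
    print(inspect_envelope(SAMPLE_ENVELOPE, {"{urn:example:tx}Transaction"}))
```

With an empty set of understood blocks the sample is rejected because of the mandatory Transaction header; once that block name is registered the same message is accepted and the optional Audit block, addressed to the next actor, is simply reported. The check happens before the Body is touched, so an endpoint never acts on a request whose mandatory processing instructions it could not honour.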