
Silverlight 4 Application Security Overview. Part 1
Security has always been one of the most important aspects of any application. This review consists of two parts. In the first part I will explain how Silverlight protects the end user from malicious sites. The second part covers how to build a secure site using Silverlight 4.
Introduction
Silverlight is a browser plugin for creating Rich Internet Applications (RIA). Silverlight applications are packaged in .xap files — ZIP files containing managed code, DLLs, and xaml markup.
Silverlight applications can be launched in 3 security models:
- In browser - the application runs as part of a web page in a browser, isolated from other pages.
- Out of browser (sandboxed) - the application can be launched from the browser, but can also be installed in the Start menu. Silverlight will ask the user for confirmation before installation. Sandboxed out-of-browser applications have the same privileges as applications in the browser.
- Out of browser (trusted) - similar to sandboxed out-of-browser applications. These applications can run in a browser (with browser security restrictions). When the application is installed and runs outside the browser, it has additional privileges. Running a trusted out-of-browser application is similar to running an .EXE: it can access user data, the network and the file system.
How Silverlight Protects End Users from Malicious Sites
Silverlight follows the basic principles of web security while providing additional functionality that is safe to use. By default, Silverlight assumes that all web pages are potentially malicious and runs applications in the sandbox.
Sandbox. Features and limitations
OpenFileDialog / SaveFileDialog - Silverlight allows applications to read and write files on the hard drive, but only after the user selects them in the dialog box. An application may suggest a default file to set the starting position in the file system. The dialog must be initiated by the user, so that the user understands which page is asking for the file and so that a page cannot create an infinite loop of pop-up dialog boxes. A file saved by Silverlight is marked as “from the Internet” (mark of the web) to show other users that it was downloaded from the Internet to the local machine.
Isolated storage - Silverlight allows web pages to save data to a special directory on the local hard drive. Data from a given domain is stored in isolated storage and cannot be read by applications from other domains. By default, the storage size is limited to 1 MB, but the application may ask the user to raise the limit to 100 MB. Such a dialog can appear only once on a page. The user can delete the data (as with cookies).
Full Screen - Silverlight can enable full-screen mode. Enabling this mode requires user participation. When it is turned on, Silverlight displays the message “ESC to exit full screen mode” for a while. When the user switches windows, Silverlight exits full-screen mode; the application cannot interfere with this exit. To prevent a full-screen application from impersonating the system password entry screen, applications do not receive alphanumeric keys in this mode.
Webcam and microphone - a Silverlight application can access the webcam and microphone after requesting permission from the user. Once granted, the permission lasts until the page is closed.
Silverlight applications can print after displaying a print dialog. Silverlight applications can read and write plain text on the clipboard after displaying a security warning. Clipboard access also requires user permission, to prevent malicious sites from monitoring the clipboard. If the application is configured for drag and drop, users can drag and drop files onto the application, after which it can read the contents of the file as if it had been selected in OpenFileDialog. If the application does not handle the right mouse button, a Silverlight settings menu is displayed on right-click. If the application handles the right button, the application's own menu is displayed; the settings can then be reached from the Start menu.
Network
For HTTP / HTTPS requests, Silverlight supports 2 different kinds of cross-domain security policy files.
- clientaccesspolicy.xml - this file lists the domains that are allowed to “talk” to the third-party server, with support for wildcards such as *.habr.ru. clientaccesspolicy.xml can also restrict access to certain paths on the server - for example, thirdparty.com/public is allowed, and thirdparty.com/private is prohibited.
- crossdomain.xml (for Adobe Flash compatibility) - must be located in the root directory of the domain that provides access (for example, thirdparty.com/crossdomain.xml), and must also provide access to all domains.
Like the img tag in HTML, Image and Media in Silverlight can download images and media files from servers without cross-domain policy files. To avoid leaking information from the source server, the application cannot see the contents of these images and media files or their pixels, and cannot distinguish a corrupted file from a nonexistent one. In addition to HTTP, Silverlight allows applications to use sockets. Silverlight supports only outgoing socket connections. Silverlight 3 supports TCP sockets. Version 4 adds support for UDP multicast sockets.
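The clientaccesspolicy.xml rules described above (a wildcard caller domain plus a path restriction) can be reviewed offline before a policy is deployed. The following is an added example, not code from the original article or from Silverlight: the sample policy is constructed, the function names are hypothetical, and the matching logic is a simplified model of the policy semantics (it assumes `*.habr.ru` does not match the bare `habr.ru`).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample policy: callers from *.habr.ru only, paths under /public only.
SAMPLE_POLICY = b"""<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from>
        <domain uri="http://*.habr.ru"/>
      </allow-from>
      <grant-to>
        <resource path="/public" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

def domain_matches(pattern, origin):
    """Simplified model: "*" matches everything, "*.x" matches subdomains of x."""
    if pattern == "*":
        return True
    p, o = urlsplit(pattern), urlsplit(origin)
    if p.scheme != o.scheme or not p.hostname or not o.hostname:
        return False
    if p.hostname == "*":
        return True  # e.g. "http://*": any host over that scheme
    if p.hostname.startswith("*."):
        return o.hostname.endswith(p.hostname[1:])  # keeps the leading dot
    return p.hostname == o.hostname

def path_granted(resource, path):
    """A resource grants its exact path, plus subpaths only when asked to."""
    base = resource.get("path", "")
    if resource.get("include-subpaths", "false").lower() != "true":
        return path == base
    return path == base or path.startswith(base.rstrip("/") + "/")

def is_allowed(policy_xml, origin, path):
    """True if any <policy> both lists the origin and grants the path."""
    for policy in ET.fromstring(policy_xml).iter("policy"):
        domains = [d.get("uri", "") for d in policy.findall("allow-from/domain")]
        resources = policy.findall("grant-to/resource")
        if any(domain_matches(u, origin) for u in domains) and \
                any(path_granted(r, path) for r in resources):
            return True
    return False

def is_wide_open(policy_xml):
    """Flag the riskiest form: an unlisted origin may reach an arbitrary path."""
    return is_allowed(policy_xml, "http://unlisted.invalid", "/any/path")
```

A policy for which `is_wide_open` returns True exposes every path on the server to Silverlight applications from any site, so it deserves a manual review before deployment.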
Applications outside the browser
Installation begins when the user selects "Install" in the application's Silverlight context menu or when the application launches the installation at the user's request. In either case, Silverlight displays a dialog asking the user to confirm installing the application from this site.
There are two types of out-of-browser applications: trusted and isolated. Unlike isolated applications in the browser, isolated applications outside the browser have more space for data storage - 25 MB instead of 1 MB - because the user made an explicit decision to install them.
Trusted applications run outside the sandbox. You should not install or run a trusted application unless you would be willing to run an .EXE from the same site. Trusted applications receive the following additional permissions:
- native integration, e.g. COM
- reading and writing files on the local disk (not limited to isolated storage)
- sockets and cross-domain requests without security policy files
Sandbox
Silverlight was developed entirely under Microsoft's Secure Development Lifecycle (SDL). Silverlight is implemented as a combination of managed and native code. To increase security, managed code is divided into 3 categories: Transparent, SafeCritical, and Critical. Transparent code (the default) runs in isolation (in the sandbox), like the application itself. Critical and SafeCritical code is allowed to do unsafe things, such as calling unmanaged code. Transparent code cannot call Critical code directly, so SafeCritical code acts as an intermediate layer where additional security checks are performed.
Conclusion
In this part, we introduced the basic principles and methods Silverlight uses to protect end users. In the next part I will explain how to create a secure site using Silverlight. All references and literature will be listed in the second part.