[Home] [Recent] [Site Map] [SharePoint] [XBOX]
I"m sitting here in San Francisco preparing myself for a presentation tomorrow morning at the Web 2.0 Summit. Ostensibly the presentation is on Microsoft"s Software + Services In Action. I guess they asked me to do it because they decided "in action" means "show a really long demo of Popfly."
What questions would you like me to answer? I"ll try to work them in.
Oh, and keep it clean please, folks. ;-)
Setting the security descriptor allows you to control who can open a handle to the device object. Typically you can call IoCreateDeviceSecure to create the device object and have the correct DACL from the start. One issue with IoCreateDeviceSecure is that the SDDL string is limited to what it can describe, primarily you can only specify predefined SIDs. If you need a SID that is not predefined you must build the security descriptor by hand and the code to do it is not very easty to implement (let alone figure out which DDIs you need to call in the first place).
Well, Paul Sliwowicz kindly donated this code snippet which will set a security descriptor on a legacy device object. It does require that you are able to open a handle to the device object first, so it might be a good idea to initially create the device with a very restrictive SDDL string that limits opens to the system only and then relax it to your needs with the following code which works in either a WDM or KMDF driver. This can also work on device objects that are created by other drivers, but you have a built in race between when the device is created and when you set the security descriptor that you must also account for.
NTSTATUS
SetDeviceDacl(
PDEVICE_OBJECT DeviceObject
)
{
SECURITY_DESCRIPTOR sd = { 0 };
ULONG aclSize = 0;
PACL pAcl = NULL; NTSTATUS status;
status = ObOpenObjectByPointer(DeviceObject,
OBJ_KERNEL_HANDLE,
NULL,
WRITE_DAC,
0,
KernelMode,
&fileHandle);
if (!NT_SUCCESS(status)) {
goto Exit;
}
//
// Calculate how big our ACL needs to be to support one ACE (in
// this case we"ll use a predefined Se export for local system
// as the SID)
//
aclSize = sizeof(ACL);
aclSize += RtlLengthSid(SeExports->SeLocalSystemSid);
aclSize += RtlLengthSid(SeExports->SeAliasAdminsSid);
aclSize += RtlLengthSid(SeExports->SeAliasUsersSid);
//
// Room for 3 ACEs (one for each SID above); note we don"t
// include the end of the structure as we"ve accounted for that
// length in the SID lengths already.
//
aclSize += 3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart);
pAcl = (PACL) ExAllocatePoolWithTag(PagedPool, aclSize, TAG);
if (pAcl == NULL) {
status = STATUS_INSUFFICIENT_RESOURCES;
goto Exit;
}
status = RtlCreateAcl(pAcl, aclSize, ACL_REVISION);
if (!NT_SUCCESS(status)) {
goto Exit;
}
status = RtlAddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_READ | GENERIC_WRITE | DELETE,
SeExports->SeLocalSystemSid);
if (!NT_SUCCESS(status)) {
goto Exit;
}
status = RtlAddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_READ | GENERIC_WRITE | DELETE,
SeExports->SeAliasAdminsSid );
if (!NT_SUCCESS(status)) {
goto Exit;
}
status = RtlAddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_READ,
SeExports->SeAliasUsersSid ); if (!NT_SUCCESS(status)) {
goto Exit;
}
//
// Create a security descriptor
//
status = RtlCreateSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(status)) {
goto Exit;
}
//
// Associate the above pAcl with the security descriptor
//
status = RtlSetDaclSecurityDescriptor(&sd, TRUE, pAcl, FALSE);
if (!NT_SUCCESS(status)) {
goto Exit;
}
//
// Set security on the object
//
status = ZwSetSecurityObject(fileHandle, DACL_SECURITY_INFORMATION, &sd);
if (!NT_SUCCESS(status)) {
goto Exit;
}
Exit:
ZwClose(fileHandle);
fileHandle = NULL;
if (pAcl != NULL) {
ExFreePool(pAcl);
pAcl = NULL;
}
return status;
}
We just released the Virtual Earth Map Control v6 API. You can find all the latest details in the Virtual Earth Map Control SDK, Version 6.0. Or you can download the Virtual Earth Map Control SDK (CHM file) directly. You can also try out the updated Virtual Earth Interactive SDK.
One of the major focuses of this release is enhanced accuracy and performance. New features for this release include:
Check back here for future code samples and information regarding the Virtual Earth v6 API.
Hi, my name is Harish Srinivasan. I work in the Windows CE Core Networking team. I own IPsec, IKE and several other networking components.
Conforme prometido no evento de hoje, coloco aqui alguns links importantes relacionado ao desenvolvimento web que cito nas minhas palestras: - Boas práticas para desenvolvimento Web: http://msdn2.microsoft.com/en-us/practices/bb190360.aspx - ASP.NET AJAX: http://ajax.asp.net - Silverlight: http:// www.silverlight.net - LIVE: http://dev.live.com - QuickApplication (LIVE + Silverlight): http://dev.live.com/quickapps/ - DinnerNow.net: http://dinnernow.net/ Até mais!!...(read more)
Te invitamos a ser parte del Tour Tecnológico 2007, que consiste en 20 eventos dónde platicaremos sobre las últimas tendencias de tecnología de Microsoft en todo el país! Queremos que seas parte del Tour escogiendo la AGENDA del evento en el sitio de votación! además podrás ganar alguno de los XBox 360 que obsequiaremos!
Entra aquí y crea la agenda para el Tour Tecnológico 2007!
I"m writing a series of blog posts over on the Team WIT Tools blog about how we"re managing our documentation projects using TFS. Look here for the first post. http://blogs.msdn.com/teams_wit_tools/archive/2007/10/16/managing-documentation-projects-in-team-foundation-server-part-1-planning-the-sprint.aspx
Have you seen the new Live Search Maps ? Launched today, the new interface is a LOT simpler to use, and a lot faster (it seems) to load and find results. The Windows Live Search team has really been busy getting and incorporating all the feedback they"ve received into a much more solid and reliable product. I really like the simplified interface too - I can more easily search for people, places and addresses using a single entry field instead of two, and the system is smarter about interpreting...(read more)
This 2 day interactive workshop – targeted at Partners participating in the BPIO Campaigns – has as its outcomes:
· to provide an overview understanding of the BPIO Campaign
· to provide some relevant sales and marketing knowledge/skills/processes to assist Partners generate and convert leads relevant to the BPIO Campaign
· point Partners towards a range of resources to assist them to capitalise on the opportunity provided by the BPIO Campaign.
By using tools made available by Microsoft to work with customers to understand their current level of optimisation, Partners can work with their customers to plan a path to achieve the highest level of business productivity infrastructure optimisation.
The BPIO University targets a number of solution areas including:
· unified communications
· collaboration
· enterprise content management
· enterprise search
· business intelligence
This course will also supply you with all of the materials and tools you need to expedite the sales process and close deals faster.
REGISTER NOW https://www.local.microsoft.com.au/australia/events/register/home.aspx?levent=300213&linvitation
Adam Shostack here, with part four of my threat modeling series. This post is a little less philosophical and a lot more prescriptive than the one about flow. It explains exactly how and why I changed a couple of elements of the process. The first is the brainstorming meeting, and the second is the way trust boundaries may be placed.
The brainstorming meeting is a mainstay of expert threat modeling. It’s pretty simple: you put your security experts in a room with system diagrams and a whiteboard. Usually, you put your system designers in there, and make them promise not to strangle your experts. Optionally, you can add beer or scotch. Sometime later, you get a list of threats. How long depends on how big the system is, how well its requirements are documented, and how well your experts work together.
We like having our developers threat model. There are a lot of reasons for this. Not only do they know the system better than anyone else, but getting people involved in a process helps ensure that they buy into it.
Now this desire is great, but it leads to some issues, first and foremost is that many of the people who are now involved aren’t security experts. This means that they lack both direct experience of the process and the background that informs it. This isn’t a slam on them. I lack experience in the database design process, and I don’t have years of experience to help orient me. So I’d make mistakes designing a database, and someone who isn’t a security expert may make mistakes in security. For example, someone might try to use encryption to mitigate tampering threats. (The SDL crypto requirements cover this, and I try to gently correct them to integrity mechanisms like MACs or signatures.) This is a reality that we have to account for at the process design level.
Adding Structure to Chaos
So how does this relate to the brainstorming meeting? It’s a dramatic increase in the need for structure. Where experts may think they do better threat modeling with scotch in hand, , it certainly doesn’t lead to beginners having a flow experience. So we need a structure, and we need to provide it.
We encourage people to get started by drawing a whiteboard diagram. Almost everyone in software draws on whiteboards regularly, and this makes it an ideal first step. It’s an ideal first step because everyone can do it, see that they’ve done it, and feel like they’re making progress.
The core mechanism we’ve used to provide it is the STRIDE/element chart. (I’ll talk a lot more about its origins and limits in a few posts, but for now, let’s pretend it’s gospel, and enumerates all possible threats.) Given this gospel, it becomes possible to step through the threat modeling diagram, “turn the crank,” and have threats come out. “Item 7 is a data flow? Let’s look for T,I and D.” (Tampering, Information disclosure, and Denial of service.)
Similarly, we have four ways of addressing threats – redesign, standard mitigations, new mitigations, and risk acceptance. We have training on mitigating threats, we have explanation of why and when to use each (and they’re presented in a preferred order).
Lastly, we provide advice about how to validate the threat model and it’s relation to reality.
Between these four steps and the hamster wheel which ties them together, we give people the structure in which they can take on the process. The other thing I wanted to address is how we respond to consistent “errors” that we see.
Where Trust Boundaries Show Up
We used to give people clear guidance that trust boundaries should only intersect with data flows. After all, you can’t really have a process that’s half-running as admin, and half as a normal user. Logically, you have two entities. And people kept drawing trust boundaries across processes and data stores. It drove me up the wall. It was wrong.
As people kept doing it, I decided to swallow my pride and accept it. I now tell people to put their trust boundaries wherever they believe one exists. And they’ve continued exactly as before, but I’m a lot happier, because I’ve found a way to help them draw more detailed diagrams where they need them. Which includes anywhere a trust boundary crosses a process or data store. They’re happier too. No one is telling them that they’re wrong.
I was going to title this post “Lord grant me the strength to change the things I can, the courage to accept what I can’t, and the wisdom to know the difference,” but, first, it’s too long, and second, if we started that way, it would be wrong to add beer or scotch.
Site List:
>>Xbox Live_s Major Nelson
>>Xbox 360 & SharePoint 2007 Weblog
>>Carsten Keutmann_s Blog
>>Mohamed Zaki_s Blog [Sharepoint MVP]
>>The Mit_s Blog
>>Mart Muller_s Sharepoint Weblog
>>Microsoft SharePoint Products and Technologies Team Blog
>>SharePoint Solutions Blog
>>4GuysFromRolla.com Headlines
>>ASP.NET Blogs
>>SharePoint Blogs
>>SharePoint Blogs
>>Joel on Software
>>ADO Guy_s Rants and Raves
>>Microsoft Live Labs
>>GadgetNews
>>Windows Vista Team Blog
>>VoIP & Gadgets Blog
>>schrankmonster blog
>>Via Virtual Earth Blog
>>Feed
>>MSDN Blogs
>>Mashable!
Links:
Jack's Readings
Month Archives:
Oct 2007
Sep 2007
Top Tags:
social software social networking .NET mashable Sharepoint ASP.NET Web 2.0 Web2.0 Startups Community News Search Marketplace General Software Development AJAX Windows Vista Visual Studio Microsoft myspace Silverlight People Powered! YouTube Vista MOSS Featured News C# Events MOSS 2007 Google WPF Office 2007 Web Community Security General Personal Xbox 360 facebook Tools development SharePoint 2007 Fun Atlas Architecture ASP.NET AJAX myspace codes TheLongTail IIS SQL Server Developers Revenue Sharing Video Pictures WCF Mobile 2.0 Announcements Orcas MIX07 Arcade Team System JavaScript News
@2007 All rights Reserved |