VS2008 Windows应用程序中的安全约束 [英] security Constraint in VS2008 windows application

问题描述

我在VS2008中有C＃桌面应用程序，它保存在我们组织的远程服务器上。

我想保护该应用程序，以便没有人可以更改或修改它。我该怎么办？

解决方案

首先，签名给它一个强名称（使用Visual Studio进行标准操作）。请参阅：

http://msdn.microsoft.com/en-us /library/wd40t7ad.aspx [ ^ ]。



为了能够编译应用程序，您必须签署应用程序集所引用的所有程序集，但您也需要它。



这个简单的措施已经保护代码不被修改：如果你在程序集中更改了任何内容，if将无法加载，这样就可以节省你，比如感染系统一些模块被病毒感染，它也表明程序集已被修改。



但这不是全部。有人替换了应用程序的入门级程序集（这只是最简单的漏洞利用程序），还有一些其他程序集，也是签名和类似的行为，与可执行模块（PE文件）的名称相同？这样的技巧也可以使用逆向工程来完成。



在这种情况下，您可以发布密钥对的公钥并提供用于验证有问题的程序集是否使用真实密钥对进行签名的应用程序。如果组件通过此类验证，则表示它是真实的。通过已知的公钥来制作密钥对并签署伪装配是不可能的。为了确保检查应用程序本身不是假的，它可以是，例如，在源代码中呈现。用户不需要Visual Studio或任何技能来构建它，因为MSBuild和编译器是.NET Framework的一部分，因此一个简单的批处理文件将进行构建（只是一个想法，任何架构，当一个用户可以有一些可信的应用程序会工作）。请参阅：

http：//blogs.msdn .com / b / shawnfa / archive / 2004/06/07 / 150378.aspx [ ^ ]。



一些背景：要了解安全方案，您需要了解公钥加密的工作原理：

http：// en.wikipedia.org/wiki/Public-key_cryptography [ ^ ]，

http://en.wikipedia.org/wiki/Digital_signature [ ^ ]。



现在，一个更简单，更便宜的替代方案：你可以计算加密哈希函数应用程序的所有PE文件（或包含所有文件的ZIP文件）并发布它。用户可以轻松验证散列是否与所需的散列数据匹配。伪造文件的方法是不可行给出相同的哈希值。请参阅：

http://en.wikipedia.org/wiki/Cryptographic_hash_function [< a href =http://en.wikipedia.org/wiki/Cryptographic_hash_functiontarget =_ blanktitle =New Window> ^ ]。



仅在您确实需要安全性的情况下，不要像许多人那样使用MD5或SHA-1。发现这些功能被打破了。但是，SHA-2系列的功能尤其适用。请参阅：

http://en.wikipedia.org/wiki/MD5 [< a href =http://en.wikipedia.org/wiki/MD5target =_ blanktitle =New Window> ^ ]，

http://en.wikipedia.org/wiki/SHA-1 [ ^ ]，

http://en.wikipedia.org/wiki/SHA-2 [ ^ ]。



使用.NET，您已经为您实现了足够的算法：http://msdn.microsoft.com/en-us/library/system.security.cryptography。 hashalgorithm.aspx [ ^ ]。



E如果你使用加密哈希函数的方式，如果你将它们部署在任何地方仍然会签署所有程序集：不会受到伤害。

-SA

I have C# desktop application in VS2008, and it is saved on remote server of our organization.
I want to secure that application so that no one can change it or modify it. what should I do?

解决方案

First of all, sign it to give it a strong name (standard operation with Visual Studio). Please see:
http://msdn.microsoft.com/en-us/library/wd40t7ad.aspx[^].

To be able to compile the application, you will have to sign all assemblies referenced by your application assembly, but you want it, too.

This simple measure already protects the code from modification: if you change anything in the assembly, if will fail to load, which saves you from, say, infecting the system if some modules are infected by a virus, and it also will indicate that the assembly was modified.

But this is not all. What is someone replaces, say, entry-level assembly of the application (this is just the simplest variant of exploit) with some other assembly, also signed and similar in behavior, with the same name of the executable module (PE file)? Such trick could also be done using reverse engineering.

In this case, you can publish a public key of the key pair and provide an application for validation that the assembly in question is signed with the authentic key pair. If the assembly passes such verification, it means it is authentic. It is impossible to craft the key pair and sign the fake assembly by the known public key. To make sure the checkup application itself is not fake, it could be, for example, presented in source code. The user does not need Visual Studio or any skills to build it, as MSBuild and compilers are a part of .NET Framework, so a simple batch file would do a build (just an idea, any schema when a use can have some trusted application would work). Please see:
http://blogs.msdn.com/b/shawnfa/archive/2004/06/07/150378.aspx[^].

Some background: to understand the security scenarios, you need to understand how public-key cryptography works:
http://en.wikipedia.org/wiki/Public-key_cryptography[^],
http://en.wikipedia.org/wiki/Digital_signature[^].

Now, a simpler and cheaper alternative: you can calculate the cryptographic hash function of all the PE files of your application (or ZIP file containing all the files) and publish it. The user can easily validate that the hash matches the required hash data. It is infeasible to fake the files the way giving the same hash. Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

Only, if you really need security, don't use MD5 or SHA-1 as many do. These functions were found broken. But a function from the SHA-2 family, in particular, will do well. Please see:
http://en.wikipedia.org/wiki/MD5[^],
http://en.wikipedia.org/wiki/SHA-1[^],
http://en.wikipedia.org/wiki/SHA-2[^].

With .NET, you have enough algorithms already implemented for you: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].

Even if you use the cryptographic hash function way, still do sign all the assemblies if you deploy them anywhere: won't hurt.

—SA

这篇关于VS2008 Windows应用程序中的安全约束的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！