Saturday, May 18, 2013

IPSEC

I was going to be posting on text indexing but I will make a post on IPSEC before that.

IPSEC is a suite of protocols for securing network connections. IP packets are authenticated and encrypted for the duration of a session, and a variety of protocols can be used for the authentication and encryption. It provides several controls for network connections and is generally better organized than many other networking protocols. It provides end-to-end IP connectivity between two endpoints, whether host to host, network to network or network to host.
The IPSec suite is an open standard. It uses the following protocols to perform various operations.
Authentication Header (AH): This guarantees that the sender of an IP packet is who the packet says it is from and that the packet has not been tampered with, which prevents spoofing and replay attacks. This is achieved by computing a keyed hash value called the Integrity Check Value (ICV) and by carrying a sequence number. The sequence number lets the receiver maintain a sliding window to determine which packets are old or already seen and can be discarded.
Encapsulating Security Payload (ESP): This provides confidentiality for packets. It supports both encryption and authentication configurations for direct IP connectivity as well as tunnel-based connectivity. A tunnel describes communication between two endpoints over a public network such that the two endpoints can talk to each other without letting any of the other hosts on the public network see the traffic. A common example is connecting to the office from home. This is implemented by adding another IP header in front of the original one: the public network routes the packets based on the outer header, while the source and destination look at the inner IP packet to know that the packets are from each other. Unlike AH, ESP does not provide integrity and authentication for the entire IP packet; its protection does not cover the outer IP header.
Security Association (SA): This is the group of algorithms and parameters, such as keys, used to encrypt and authenticate a particular flow in one direction. A pair of security associations is required to secure bidirectional traffic. These groupings are well organized, and policies are enforced using a policy agent.
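As an added illustration (not part of the original post), the following Python sketch shows the two AH mechanisms just described from the receiver's side: a keyed Integrity Check Value and a sliding anti-replay window over the sequence number. The key, window size and packets are constructed here, and the ICV coverage is simplified to the sequence number and payload.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64  # constructed choice; 64 is a common receiver window size

ACCEPTED = "accepted"
DROP_REPLAY = "dropped: replayed or stale sequence number"
DROP_ICV = "dropped: Integrity Check Value mismatch"


def compute_icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """Keyed hash over the sequence number and payload, truncated to 96 bits
    as HMAC-SHA1-96 does. Real AH also covers the immutable IP header fields;
    that part is omitted in this constructed example."""
    mac = hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha1)
    return mac.digest()[:12]


class AntiReplayWindow:
    """Sliding window over received sequence numbers.

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number (top - i) has already been accepted."""

    def __init__(self, size: int = WINDOW_SIZE) -> None:
        self.size = size
        self.top = 0
        self.bitmap = 0

    def is_acceptable(self, seq: int) -> bool:
        if seq == 0:                 # sequence number 0 is never transmitted
            return False
        if seq > self.top:           # ahead of the window: a new packet
            return True
        diff = self.top - seq
        if diff >= self.size:        # older than the window can remember
            return False
        return not (self.bitmap >> diff) & 1   # inside the window, not yet seen

    def mark_received(self, seq: int) -> None:
        """Update the window; only call this after the ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1      # the whole old window drops off the end
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def process_packet(window, key, seq, payload, icv):
    """Receiver-side check order: replay window first (cheap), then the ICV;
    only a packet that passed both updates the window."""
    if not window.is_acceptable(seq):
        return DROP_REPLAY
    if not hmac.compare_digest(compute_icv(key, seq, payload), icv):
        return DROP_ICV
    window.mark_received(seq)
    return ACCEPTED


def run_demo():
    """Feed a constructed packet sequence through one SA and return the verdicts."""
    key = b"constructed-sa-key"
    window = AntiReplayWindow()

    def good(seq, data):
        return (seq, data, compute_icv(key, seq, data))

    packets = [
        good(1, b"hello"),
        good(1, b"hello"),                                  # exact replay of packet 1
        good(3, b"third"),                                  # packet 2 delayed in transit
        good(2, b"second"),                                 # late, but inside the window
        (4, b"tampered", compute_icv(key, 4, b"fourth")),   # payload altered after signing
        good(4, b"fourth"),                                 # genuine packet 4 still accepted
        good(100, b"jump"),                                 # window slides forward by 96
        good(30, b"too-old"),                               # now 70 behind top: stale
    ]
    return [process_packet(window, key, seq, data, icv) for seq, data, icv in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```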
There are two modes of operation for IPSEC, depending on whether the configuration is host to host or involves network tunnels; they are referred to as transport mode and tunnel mode respectively.
In transport mode, only the payload of the IP packet is usually encrypted or authenticated and the IP header is preserved. The limitation of this mode is that the IP addresses cannot be translated (network address translation) when the authentication header is used, as that would invalidate the hash value.
In tunnel mode, the entire IP packet is encrypted and/or authenticated because it is encapsulated into a new IP packet with a new header.
The algorithms used to protect packets include SHA1 for integrity and authenticity, and Triple DES and AES for confidentiality. The key negotiation for authentication is usually included with the IPSEC implementation from a vendor.
The IPSEC implementation in earlier versions of Windows was a standalone component separate from Windows Firewall. This has since changed. IPSEC lets you author, in generic terms, a set of rules and settings that define the security policies of your network and are implemented by each and every host on your network. You author these IPSEC policy settings as well as the individual policies or rules with IP filters and filter actions. IP filters define a set of IP traffic.
For example, a computer on the intranet can have the following rules: allow connections with resource servers, allow connections with other intranet computers, but deny connections to everyone else. These are authored as inbound and outbound rules. Filters are evaluated based on weights. The weights are decided based on source IP address and subnet mask, destination IP address and subnet mask, IP protocol, source port and destination port. The source and destination IP address and port pairs identify a connection. Along with the filters and filter actions, you can also define the authentication methods, such as Kerberos, Active Directory or certificate based.
The policies are written for the domain and are retrieved by the policy agent running on the host computers that want to communicate. These policies are passed to the IKE module, which determines the authentication mechanism from the IPSEC negotiation settings, establishes the secret key, and protects direct and tunnel mode traffic. These are then passed as SA parameters to the IPSEC driver, which uses them to protect the traffic. Since the IPSEC driver sits below the application and the TCP/IP network stack, it handles all IP traffic.
After the policies are created, they can be assigned to different AD domains, sites and organizational units, giving you the flexibility to define the scope of your rules and removing the redundancy of repeating the rules on each host. Local IPsec policies are overridden by domain-based IPsec policies, and so on.

Friday, May 17, 2013

Dump file format 2 (blog post continued)

Extracting the stack trace is different from resolving the stack trace function pointers against symbols. For the extraction part, we read dump files from external sources. For the resolution part, we read symbols from mostly internal sources unless otherwise provided; this part can happen offline. There is support via the Debug Interface Access SDK (DIA) and, somewhat more generally, via the debugger client SDK that ships with Debugging Tools for Windows. The latter has a C# interface as opposed to the COM-based interface of DIA. There are also more debugging features available via the debugging SDK.
The debugging SDK assembly (mdbgeng) requires full trust. When redistributing a package with this assembly, it is probably better to register it in the global assembly cache or use it with NuGet. For the most part, we want to focus on preliminary analysis of dumps using streams.
We could also provide APIs for the functionality we write, so that any client, PowerShell or a standalone executable, can call them.
The API design could consider a subset of the debugger SDK as appropriate. The two main methods we are interested in are GetStackTraceFromStream and OutputStackTrace.
The APIs could additionally consider methods for retrieving bucket information, timestamps, and additional details such as the system information on which the dump occurred.
The PowerShell implementation of these APIs is enabled via an appropriate attribute on the methods mentioned above.
Exception handling and return values are limited to a few meaningful messages.
Also, deployment of a standalone tool for this can be MSI based so that install and uninstall are easy. The MSI can be generated with libraries such as WixSharp.

Next blog post will continue on text indexing methods.

Thursday, May 16, 2013

Dump file format

Dump files have specific formats that help in debugging. For example, they store the system information and the exception record as the first few fields of data they carry, and hence at calculable offsets from the start of the file. The exception record describes the exception that produced the dump. It also has additional information such as the exception code, which gives the bucket under which this exception falls, such as access violation, array bounds exceeded, divide by zero, invalid operation, overflow or underflow, etc. Exception records can be chained together to provide additional information on nested exceptions. The exception address gives the address at which the exception occurred and is used for the stack trace.
Exceptions are not always on the first thread. Hence displaying the stack trace of the first thread may not capture the exception that triggered the dump. This is obtained with another debugger command, .ecxr, which sets the context to that of the exception; the stack trace command then gives the desired stack trace. The stack trace can also be displayed manually with the dd command on the ebp or esp register after .ecxr. This can then be resolved against symbols to display function names.
The reader does not have to search through the threads. The system information directory and the exception record directory precede all other data, so looking up the exception address is easier. The exception directory is followed by the exception record and the context of the thread. Additional thread information structures can follow as an array of n fixed-size entries.
Dump files use relative virtual addresses (RVAs) to point to data members within the file; these are offsets from the start of the file. The format specifies a set of directories that point to the data. Each directory specifies the data type, the data size and the RVA of the data in the dump file. The file layout consists of a header that gives the version, signature, number of directories and the RVA of the directory list. This is followed by the set of directories, each of which points to data in the dump data section. The data sections follow this list of directories. The first two data sections are reserved for the system information and exception streams.
Dump files can be of more than one type. They are categorized by size and are enumerated as context dumps, system dumps and complete dumps, in order of increasing size. Context dumps range in size from 4 KB to 64 KB, system dumps range from 64 KB to several MB, and complete dumps store the entire physical memory in addition to the 64 KB. Context dumps carry information such as the exception that initiated the crash, the context record of the faulting thread, the module list and thread list (restricted to the faulting ones), the call stack of the faulting thread, 64 bytes of memory above and below the instruction pointer, and as much of the stack memory of the faulting thread as fits in the 64 KB limit. The other dump types include the same essential information but add the complete list of all modules and threads, and more memory around the instruction pointers and stacks. When the entire heap is included in the dump file, there is enough debugging information to even discern the values of local variables on the stack. However, that increases the size of the dumps considerably.
Dump file bucketing refers to grouping dump files that arose from similar crashes, such as those from a common code defect. The bucket can include variables like the application name, version and timestamp; the owner application name, version and timestamp; the module name, version and timestamp; and the offset into the module. Bucketing helps to determine the priority and severity of the associated code defect.
Dump file structures indicate how to navigate the file for specific information. These are well documented and essentially rely on RVAs to find information. There are specific structures that represent thread call stack frames.
Note that reading the dump file is a forward-only operation, hence streams can be used with dump files to retrieve the stack trace.
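As an added example (not from the original post), this Python parser walks the layout just described: it reads the MINIDUMP_HEADER, follows the stream directory RVA, and dereferences the ExceptionStream entry, bounds-checking every RVA before use because dumps arrive from external sources. The sample dump bytes are constructed inline; the structure layouts follow the documented MINIDUMP_HEADER, MINIDUMP_DIRECTORY and MINIDUMP_EXCEPTION_STREAM.

```python
import struct

MINIDUMP_SIGNATURE = 0x504D444D          # the bytes 'MDMP' read as a little-endian uint32
HEADER_FMT = "<IIIIIIQ"                  # Signature, Version, NumberOfStreams,
                                         # StreamDirectoryRva, CheckSum, TimeDateStamp, Flags
DIRECTORY_FMT = "<III"                   # StreamType, DataSize, Rva
EXCEPTION_STREAM_FMT = "<IIIIQQII15QII"  # ThreadId, pad, ExceptionCode, ExceptionFlags,
                                         # ExceptionRecord, ExceptionAddress, NumberParameters,
                                         # pad, ExceptionInformation[15], ThreadContext{DataSize, Rva}
HEADER_SIZE = struct.calcsize(HEADER_FMT)                        # 32
DIRECTORY_SIZE = struct.calcsize(DIRECTORY_FMT)                  # 12
EXCEPTION_STREAM_SIZE = struct.calcsize(EXCEPTION_STREAM_FMT)    # 168

EXCEPTION_STREAM = 6
SYSTEM_INFO_STREAM = 7
STREAM_NAMES = {3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
                6: "ExceptionStream", 7: "SystemInfoStream", 12: "HandleDataStream",
                15: "MiscInfoStream", 17: "ThreadInfoListStream"}


class DumpFormatError(ValueError):
    """Raised for a malformed dump; the reader must never trust an RVA blindly."""


def _view(data: bytes, rva: int, size: int, what: str) -> bytes:
    """Return data[rva:rva+size] only if that whole range lies inside the file."""
    if rva + size > len(data):
        raise DumpFormatError(f"{what}: RVA {rva:#x} + size {size:#x} "
                              f"exceeds file length {len(data):#x}")
    return data[rva:rva + size]


def parse_header(data: bytes) -> dict:
    """Read the header and the directory table; map stream type -> (size, rva)."""
    if len(data) < HEADER_SIZE:
        raise DumpFormatError("file shorter than MINIDUMP_HEADER")
    sig, version, nstreams, dir_rva, _cksum, _ts, flags = struct.unpack_from(HEADER_FMT, data)
    if sig != MINIDUMP_SIGNATURE:
        raise DumpFormatError(f"bad signature {sig:#x}")
    table = _view(data, dir_rva, nstreams * DIRECTORY_SIZE, "stream directory")
    streams = {}
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from(DIRECTORY_FMT, table, i * DIRECTORY_SIZE)
        _view(data, rva, size, STREAM_NAMES.get(stype, f"stream type {stype}"))  # validate now
        streams[stype] = (size, rva)
    return {"version": version & 0xFFFF, "flags": flags, "streams": streams}


def read_exception_record(data: bytes):
    """Follow the ExceptionStream directory entry to the exception record."""
    streams = parse_header(data)["streams"]
    if EXCEPTION_STREAM not in streams:
        return None                       # e.g. a dump taken without a crash
    size, rva = streams[EXCEPTION_STREAM]
    if size < EXCEPTION_STREAM_SIZE:
        raise DumpFormatError("ExceptionStream too small")
    raw = _view(data, rva, EXCEPTION_STREAM_SIZE, "ExceptionStream")
    f = struct.unpack(EXCEPTION_STREAM_FMT, raw)
    return {"thread_id": f[0], "code": f[2], "address": f[5],
            "num_params": f[6], "context": (f[23], f[24])}


def build_sample_dump() -> bytes:
    """Constructed dump: header, two directory entries, SystemInfo, ExceptionStream."""
    sysinfo = struct.pack("<H", 9).ljust(56, b"\0")     # PROCESSOR_ARCHITECTURE_AMD64
    dir_rva = HEADER_SIZE
    sys_rva = dir_rva + 2 * DIRECTORY_SIZE
    exc_rva = sys_rva + len(sysinfo)
    exception = struct.pack(EXCEPTION_STREAM_FMT,
                            0x38, 0, 0xC0000005, 0, 0, 0x000007F7BD1C1234, 2, 0,
                            *([0] * 15), 0, 0)          # constructed access-violation record
    header = struct.pack(HEADER_FMT, MINIDUMP_SIGNATURE, 0xA793, 2, dir_rva, 0, 0, 0x1105)
    directory = (struct.pack(DIRECTORY_FMT, SYSTEM_INFO_STREAM, len(sysinfo), sys_rva) +
                 struct.pack(DIRECTORY_FMT, EXCEPTION_STREAM, len(exception), exc_rva))
    return header + directory + sysinfo + exception


if __name__ == "__main__":
    dump = build_sample_dump()
    for stype, (size, rva) in parse_header(dump)["streams"].items():
        print(f"{STREAM_NAMES.get(stype, stype)}: size {size:#010x}, RVA {rva:#010x}")
    rec = read_exception_record(dump)
    print(f"exception {rec['code']:#010x} at {rec['address']:#x} on thread {rec['thread_id']:#x}")
```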

User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
Windows 8 Version 9200 MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
Built by: 6.2.9200.16384 (win8_rtm.120725-1247)
Machine Name:
Debug session time: Tue Apr 30 18:37:57.000 2013 (UTC - 7:00)
System Uptime: not available
Process Uptime: 0 days 0:00:45.000
.............................
----- User Mini Dump Analysis
MINIDUMP_HEADER:
Version         A793 (62F0)
NumberOfStreams 10
Flags           1105
                0001 MiniDumpWithDataSegs
                0004 MiniDumpWithHandleData
                0100 MiniDumpWithProcessThreadData
                1000 MiniDumpWithThreadInfo
Streams:
Stream 0: type ThreadListStream (3), size 00000094, RVA 00000410
  3 threads
  RVA 00000414, ID 38, Teb:000007F7BC25E000
  RVA 00000444, ID 3FFC, Teb:000007F7BC25C000
  RVA 00000474, ID 3828, Teb:000007F7BC25A000
Stream 1: type ThreadInfoListStream (17), size 000000CC, RVA 000004A4
  RVA 000004B0, ID 38
  RVA 000004F0, ID 3FFC
  RVA 00000530, ID 3828
Stream 2: type ModuleListStream (4), size 00000C40, RVA 00000570
  29 modules
Stream 3: type MemoryListStream (5), size 00000354, RVA 00002D5D
  53 memory ranges
  Total memory: 77bde
Stream 4: type SystemInfoStream (7), size 00000038, RVA 00000098
  ProcessorArchitecture   0009 (PROCESSOR_ARCHITECTURE_AMD64)
  ProcessorLevel          0006
  ProcessorRevision       2A07
  NumberOfProcessors      08
  MajorVersion            00000006
  MinorVersion            00000002
  BuildNumber             000023F0 (9200)
  PlatformId              00000002 (VER_PLATFORM_WIN32_NT)
  CSDVersionRva           000011B0
                            Length: 0
  Product: WinNt, suite: SingleUserTS
Stream 5: type MiscInfoStream (15), size 00000340, RVA 000000D0
Stream 6: type HandleDataStream (12), size 00000EE8, RVA 0007BB39
  95 descriptors, header size is 16, descriptor size is 40
Stream 7: type UnusedStream (0), size 00000000, RVA 00000000
Stream 8: type UnusedStream (0), size 00000000, RVA 00000000
Stream 9: type UnusedStream (0), size 00000000, RVA 00000000

Windows 8 Version 9200 MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
Built by: 6.2.9200.16384 (win8_rtm.120725-1247)
Machine Name:
Debug session time: Tue Apr 30 18:37:57.000 2013 (UTC - 7:00)
System Uptime: not available
Process Uptime: 0 days 0:00:45.000
  Kernel time: 0 days 0:00:00.000
  User time: 0 days 0:00:00.000
*** WARNING: Unable to verify timestamp for user32.dll
*** ERROR: Module load completed but symbols could not be loaded for user32.dll
PEB at 000007f7bc254000
Unable to load image C:\Windows\System32\ntdll.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: ntdll!_PEB                                    ***
***                                                                   ***
*************************************************************************
error 3 InitTypeRead( nt!_PEB at 000007f7bc254000)...
Finished dump check

Wednesday, May 15, 2013

Security application
In our previous posts we talked about a security administration application that enables domain-object-based security. We discussed several scenarios, features and approaches, and in general a UI application that would enable configuration of user and object security. Today we try to improve upon the notion of user role management and its place in this security application. Typically, many web applications leave user management to administrators and to tools outside the application, such as the operating system applets. By integrating user management with that of the system, many more features and tools become available for user management. Then there are applications like SiteMinder for single sign-on. There are also some interoperability tools that let you configure users across platforms. Even that is being pushed to the system level, such as with Active Directory integration, freeing up the application to do more for its business users.
Therefore, unless there is a business need for security, applications don't support these kinds of operations. There might be other reasons to require security, such as when web applications have different membership providers that keep user information in different stores (ASP.NET stores, SQL stores, local file-system-based stores) that require a common interface for management. Moreover, there may be mobile users who require access that needs to be secured. In such cases, the mobile applications may not be hitting the web application UI but the API interfaces. Those methods may also need to be secured for different users and applications.
Overall, there are reasons for mapping users to objects and methods.
Most of the time this mapping is dynamic, like a decision tree or a classifier that dynamically groups users and maps them to resources. This can be a policy server where the different policies or classification rules are registered and maintained. The policies define which groups are associated with which pool of resources. The code to associate users with groups can be a scalar user-defined function that takes incoming users and groups them. These groups have no meaning inside the system other than as a scalar value. The resources are what the application knows; they can be classified into organizational units called pools. The users are temporary and can change often, so we keep track of the more stable groups and associate users with groups. The groups can have certain privilege levels and differ from roles in that roles are a subset of the groups, but groups are what pools of resources are assigned to. With a dynamic classification mechanism, users can be switched to one or more groups.
Policy servers and access control for a user are a complex topic involving many different organizational units. Take IPSEC for network access control: there are many parameters for controlling IP security.

Reminder on GC

The reason the Dispose() method has a Boolean parameter is to differentiate between being called by a finalizer and being called explicitly by ourselves.

Tuesday, May 14, 2013

Here we discuss an implementation from previous posts for finding topics based on a set of keywords. Let us say we have a function similar() that returns the set of words that co-occur with a given word in the language corpora. Let us say we have selected a set of keyword candidates in a set W.
For each of the words, we find the similar co-occurring words and put them in a cluster. Each cluster has a root keyword and all the similar words as leaves. When two clusters share common words, the clusters are merged, so clusters are additive. The root of the combined cluster is the combination of the root words of the individual clusters. Similarly, the leaves of the combined cluster are the combination of the leaves of the individual clusters. We may have to iterate several times until we find that there are no cluster pairs that share similar words.
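The clustering and merging procedure above, as an added Python example that is not from the original post. The similar() function is replaced by a constructed co-occurrence table; the merge loop repeats until no two clusters share a word, as the post describes.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed stand-in for the corpus-derived similar() function described above:
# each keyword maps to the set of words that co-occur with it.
CO_OCCURRENCE: Dict[str, Set[str]] = {
    "index":   {"inverted", "posting", "term"},
    "posting": {"index", "list", "document"},
    "cipher":  {"key", "block", "encrypt"},
    "encrypt": {"cipher", "key", "plaintext"},
    "dump":    {"crash", "stack", "minidump"},
}


def similar(word: str) -> Set[str]:
    return set(CO_OCCURRENCE.get(word, ()))


@dataclass
class Cluster:
    roots: Set[str]
    leaves: Set[str] = field(default_factory=set)

    def vocabulary(self) -> Set[str]:
        """Roots and leaves together; two clusters merge when these overlap."""
        return self.roots | self.leaves

    def merged_with(self, other: "Cluster") -> "Cluster":
        roots = self.roots | other.roots
        # leaves are the union of both leaf sets; a word that is a root of the
        # merged cluster is kept only as a root (a choice made here, not in the post)
        return Cluster(roots, (self.leaves | other.leaves) - roots)


def build_clusters(keywords) -> List[Cluster]:
    """One cluster per candidate keyword: the keyword is the root, similar words are leaves."""
    return [Cluster({w}, similar(w)) for w in keywords]


def merge_clusters(clusters: List[Cluster]) -> List[Cluster]:
    """Repeatedly merge any two clusters whose vocabularies overlap until no pair does."""
    clusters = list(clusters)
    merged = True
    while merged:
        merged = False
        for i in range(len(clusters)):
            for j in range(i + 1, len(clusters)):
                if clusters[i].vocabulary() & clusters[j].vocabulary():
                    clusters[i] = clusters[i].merged_with(clusters[j])
                    del clusters[j]
                    merged = True      # restart the scan: the merge may enable new merges
                    break
            if merged:
                break
    return clusters


def cluster_topics(keywords):
    """Return the merged clusters as sorted (roots, leaves) tuples for stable comparison."""
    result = [(tuple(sorted(c.roots)), tuple(sorted(c.leaves)))
              for c in merge_clusters(build_clusters(keywords))]
    return sorted(result)


if __name__ == "__main__":
    for roots, leaves in cluster_topics(["index", "posting", "cipher", "encrypt", "dump"]):
        print(" + ".join(roots), "->", ", ".join(leaves))
```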

Application Settings architecture

This is a review of the application settings architecture from MSDN. A setting specified in a custom settings file and embedded as a resource in the assembly is resolved when called from a console application but not from a test project; hence this review is a quick recap of the underlying mechanism.
Settings are strongly typed with either application scope or user scope. The default store for the settings is the local file system. There is support for adding custom stores by way of the SettingsProvider attribute.
SettingsBase provides access to settings through a collection. ApplicationSettingsBase adds higher-level loading and saving operations, support for user-scoped settings, reverting a user's settings to the predefined defaults, upgrading settings from a previous application version, and validation.
Settings use the Windows Forms data binding architecture to provide two-way communication of settings updates between the settings object and components. Embedded resources are pulled up with reflection.