Prevent methods call from unwanted assemblies

Question

I have an assembly that does some "magic" calculation, conversion and cryptography stuffs that should be used only from other assemblies of mine. Note that these assemblies have to be installed on the customer machine and so a malicious attacker has local access to them. Is there a secure way to achieve this? I think I've looked at almost everything from cas, strong name signing, windows srp, obfuscation, InternalToVisible attribute, internalize with ILMerge and so on. The problem of these approach is that they aren't completely secure if an attacker has local access to my "magic assembly". Do you have any advice for me? Is there anything else to do from Microsoft side? Thanks in advance.

Answer 1

Essentially, no. If code on the local machine can be run by one process, it can be run by any process with access the the assemblies' data. There are various ways to make it difficult but not impossible. If an attacker has access to the machine and time, you can't prevent access.

There is one way to protect yourself: don't have the code on the local machine

1. provide a remote service and call it
2. provide the software on a hardware dongle
3. use hardware encryption (like Trusted Platform Module)

Specifically for SQL connections, you could use an externally trusted connection -- like Active Directory or Kerberos. Most enterprise Sql Servers will support this. It will require your users to 'log in' to your app, but .Net supports protecting credentials in RAM

Answer 2

CanYou can try to investingate callstack How can I find the method that called the current method? and limit call to assemblies you want. I'm not a security guy but I thnik this scenerio is a bit strange, and solution to your problem may not be the thing you're currently asking for. Did you define what vulnerable data your client will have?