About varocarbas.com

--

About me

--

Contact me

--

Visit customsolvers.com, another side of my work

--

Valid markup

--

Valid CSS

--

© 2015-2017 Alvaro Carballo Garcia

--

URL friendly

--

Optimised for 1920x1080 - Proudly mobile unfriendly

R&D projects RSS feed

All projects in full-screen mode

PDFs:

Project 10

Project 9

Project 8

FlexibleParser code analysis:

UnitParser

NumberParser

Tools:

Chromatic encryption

(v. 1.3)

Pages in customsolvers.com:

Upcoming additions

Failed projects

Active crawling bots:

Ranking type 2

(
)

Currently active or soon to be updated:

Domain ranking

FlexibleParser (DateParser)

NO NEW PROJECTS:
Project 10 is expected to be the last formal project of varocarbas.com. I will continue using this site as my main self-promotional R&D-focused online resource, but by relying on other more adequate formats like domain ranking.
Note that the last versions of all the successfully completed projects (5 to 10) will always be available.
PROJECT 8
Completed (26 days)
Completed (47 days)
Completed (19 days)
Completed (14 days)
Security implications of open CoreCLR (CoreRun.exe)
Completed on 05-Feb-2016 (26 days) -- Updated on 23-Nov-2016

Some of the conclusions of this project aren't applicable anymore.
To know more about all this, read "OVER-8-MONTH-LATER UPDATE" in the Open .NET & CoreCLR section.

Project 8 in full-screenProject 8 in PDF

As explained in the previous section, a CoreRun.exe-based threat is very unlikely to happen due to the associated difficulties. No real threat means no problem and, consequently, no solution is strictly required.

Nevertheless, the following ideas can further improve CoreRun.exe's security:
  • Constraining its utilisation even more. For example: being able to only deal with executables built on a specific .NET version or to only be run on certain Windows version.
  • Exclusively dealing with properly-identified .NET executables. They might be identified by forcing some of its defining features to meet specific conditions (e.g., including certain copyright reference or version).
  • Rather than releasing a standalone application and its source code, relying on a cloud-based approach. It might consist in a simple webpage accepting the given inputs (i.e., .NET executable and modified libraries) and delivering the final result (i.e., what is output by this executable when relying on the modified libraries).