Simplest way to prevent someone from loading my managed assembly?

Question

.Net security noob here... What is the simplest way to prevent someone else from loading my assembly?

Background: Although I am really looking for just 'good enough' protection (with enough time/money/smarts someone can successfully crack, hack and attack), this seems like it should already be a solved problem and I'm just missing it.

Here is what I (think) I know:

1. While strong naming can be used a layer of security, it wasn't necessarily intended to be, according to this microsoft documentation (see Warning: Do not rely on strong names for security. They provide a unique identity only.)

   On that^ note I have encountered situations where I wasn't able to load a third party assembly (Aspose I think it was) because they did not sign their assemblies, however all of mine were. So I had to ildasm their assembly, sign it with our own snk, then ilasm back) in order to use their library. So, strong naming doesn't seem like a good security mechanism to me. HOWEVER...what about a simple check, in code, to verify that the calling assembly is signed with the my public key token? Is this effective enough?

2. If strong naming shouldn't be used for what I'm trying to accomplish, is implementing an Authenticode digital signature check on the dll the better a route (seems wintrust.dll can help with this)?

   I've been going through a several vendors' tooling for obfuscation and many come with licensing and all kinds of stuff. I will likely use a little bit of obfuscation to hide some sensitive parts, however I would still like to have a mechanism for preventing someone from loading my sensitive library, without having to use features such as string and code encryption, which often come with performance (and other) costs.

So back to the question, What is the simplest way to prevent someone from loading my assembly?

Answer 1

In fact you cannot provide 100% guaranty that your assembly won't be downloaded and used in a bad way. But some measures can help you:

1. Signing your installation package (msi). You need for this a SSL certificate. Users will see the publisher of downloaded files while installation process. If your installation package is modified – signing will be broken and user while installation will see that app is from Unknown publisher or other publisher than you.
2. Strong assembly naming allows you to prevent library substitution onto another “bad” library. Let’s consider the next scenario: You deployed your app with library A to some server or a user installed your app onto his/her computer. Without strong name a library A or any others can be substituted or modified by some code onto another version. This new version, for instance, can sends all user passwords somewhere or do another malicious actions. If one library was changed .Net while downloading it will throw strong name validation exception. So, your app will be broken. Malicious code should recompile all app libraries in order to make app working. It's harder.
3. Obfuscation is also a very important thing which allows to do very hard or even impossible understanding what’s going on inside assembly (code renaming, string encryption and so on).
4. If you have some very critical intellectual code it’s better to rewrite it into native (C/C++) code.
5. If your app is a mobile or desktop app and it makes backend request you can move important code to server side.

Answer 2

Obvious, but maybe not so helpful: the simplest way is to delete the assembly.