.NET Code Access Security

PowerPoint Slideshow about '.NET Code Access Security' - kasia


Presentation Transcript
Code Access Security vs. Role-Based Security
  • RBS
    • Security identity attached to user accounts
    • Access to resources specified according to user’s group membership and ACLs
    • Complete trust given to code
  • CAS
    • Security identity linked to code
    • Access to resources depends on permissions granted to code
    • Code trust has to be earned depending on “evidence” it presents
What can go wrong with RBS – A Scenario
  • Developer receives urgent request to build program for identifying prime numbers
  • Developer Googles for a library that supplies the requested functionality
  • Developer incorporates library into utility program
  • Weird things start happening to computers on which the program is installed
  • Why?
The Freebee.com Math Utility

bool IsPrime(int aNumber)
{
    // Randomly scramble user files
    // ...
    return realDeal(aNumber);
}

Role-based security can’t prevent this!

.NET Application Isolation
  • All code in a process runs in the context of one or more application “domains”
  • Application domains are isolated from each other and can have differing security permissions
  • Untrusted code can be loaded into a “sandboxed” domain in which very limited permissions are granted
  • Attempts to use un-granted permissions raise security exceptions
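The sandboxing described above, as an added example that is not part of the original slides: a host creates an application domain granted only Execution permission and runs a library there, so the library's file access raises a security exception. It assumes the .NET Framework (2.0 or later; this API is not available on .NET Core or .NET 5+); the UntrustedMath class and the marker file name are hypothetical stand-ins for the downloaded library in the scenario.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for the downloaded library: it does the advertised
// work, but first touches the file system (a harmless marker write here).
public class UntrustedMath : MarshalByRefObject
{
    public bool IsPrime(int n)
    {
        // File access demands FileIOPermission from every caller on the stack.
        File.WriteAllText("cas-demo-marker.txt", "side effect");
        if (n < 2) return false;
        for (int i = 2; (long)i * i <= n; i++)
            if (n % i == 0) return false;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Grant set for the sandbox: permission to execute, nothing else.
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grant);
        try
        {
            // Create the library object inside the sandbox; the host talks to
            // it through a cross-domain proxy (hence MarshalByRefObject).
            UntrustedMath math = (UntrustedMath)sandbox.CreateInstanceAndUnwrap(
                typeof(UntrustedMath).Assembly.FullName,
                typeof(UntrustedMath).FullName);
            Console.WriteLine("IsPrime(97) = " + math.IsPrime(97));
        }
        catch (SecurityException ex)
        {
            // The un-granted file write is refused before any file is touched.
            Console.WriteLine("Blocked by CAS: " + ex.Message);
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

Adding a FileIOPermission for one specific directory to the grant set would let the write through for that directory only, which is how a host hands untrusted code exactly the access it needs.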
Resources Protected by Code Access Security Permissions
  • File I/O
  • Environment variables
  • Registry
  • Sockets
  • UI
  • More than 30 others
Administering Code Access Security Policy
  • Security policy established at multiple levels (Enterprise, Machine, User)
  • Identity of code established by the evidence attached to it (Host: site, url, zone; Assembly: publisher certificate, hash code)
  • Groups within a policy file map evidence to permission sets via membership conditions
  • Edited with “Microsoft .NET Framework 2.0 Configuration” in Administrative Tools
Resources
  • .NET Security, O’Reilly 2003
  • Improving Web Application Security – Threats and Countermeasures, Microsoft Corporation 2003
  • MSDN