Introduction to Code Access Security - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Introduction to Code Access Security

Description:

.NET security is two fold. Developers must specify what privileges their app will use. Adminstrators must specify what applications can run on workstations. ... – PowerPoint PPT presentation

Number of Views:160
Avg rating:3.0/5.0
Slides: 19
Provided by: philden
Category:

less

Transcript and Presenter's Notes

Title: Introduction to Code Access Security


1
Introduction to Code Access Security
  • Phil Denoncourt MCSD, MCDBA, MCAD, MCSE, MCSA

2
Security in Todays Businesses
  • Business are under more pressure to assure that
    their systems are secure
  • Stockholders
  • Regulatory Requirements
  • More hackers / computers / information about how
    to hack now available.
  • Information is a valuable company asset and needs
    to be protected.
  • System downtime affects productivity

3
Security in .NET
  • Security is traditionally not thought about until
    deployment phase.
  • Security is usually applied on resources files
    printers.
  • .NET secures the application, not resources
  • .NET security is two fold
  • Developers must specify what privileges their app
    will use.
  • Adminstrators must specify what applications can
    run on workstations.

4
What is Code Access Security (CAS)
  • Enables admins to control access to programs not
    files
  • Assembly informs runtime of privileges it needs,
    and runtime determines if it can run.
  • Allows you to be confident about the code you are
    executing
  • Prevents someone from inserting a shadow
    assembly, and executing bad code.
  • By default you can do nothing without privileges
  • OS security will override CAS security
  • If you dont have OS permission to a file, .NET
    wont be able to read it.

5
Concepts
  • Evidence
  • Prove to me who you are
  • CAS Policies are matched to your code based on
    various attributes (evidence) in your code.
  • Application Directory , Hash, Publisher, Site,
    URL, Zone
  • Roll your own
  • Permissions
  • Hall pass metaphor.
  • If you have the pass, you can go to the bathroom.
    If you dont have the pass, you cant
  • A task that your code is allowed to perform
  • EventLogPermission, FileIOPermission,
    OleDbPermission, RegistryPermission, UIPermission
  • Roll your own

6
.NET Configuration 1.1
7
Policy Levels
  • Three Levels Enterprise, Machine and User
  • Permission set for any given assembly is
    evaluated for each level.
  • Code is granted the minimum permission among all
    the levels.

8
Permission set
  • Straightforward a set of permissions
  • Predefined sets FullTrust, Execution, Internet,
    Nothing, Everything
  • For example Internet has following permissions
  • File Dialog, Isolated File Storage, Security,
    User Interface, Printing
  • Create your own set of permissions

9
Code groups
  • Defines a set of evidence that will contain a set
    of permissions.
  • To Create a code group
  • Give a name
  • Choose type of evidence
  • Choose permission set to associate with code group

10
Permissions
  • Define the privilege being requested
  • Without permissions, assembly can do nothing.
  • Most Permissions can control full access to
    privilege or limited access
  • Request access to all files on the filesystem or
    just c\myappssettings.ini

11
Specifying Permissions in your Code
  • Declarative Security
  • Static, compiled into assembly
  • Implemented as attributes
  • Can be applied to Assemblies, Classes or Methods
  • Imperative Security
  • Can be dynamic
  • Permission objects created in code
  • Before privilege is needed, demand method is
    called

12
Requesting Permissions
  • Allows you to specify what privileges your
    assembly needs to run.
  • RequestMinimum
  • Your app wont function without this privilege
  • RequestOptional
  • Your app can function without this privilege, but
    doesnt like to
  • RequestRefuse
  • My app is dangerous if you give me this privilege

13
Demand vs. Assert
  • Different methods of making sure privilege is
    held.
  • Demand makes sure that your method, and all other
    methods in the call stack have that privilege
  • Walks up the call stack making sure no methods
    refuse permission.
  • Assert just makes sure your method has the
    desired privilege

14
Why Request Permissions
  • Prevents your app from receiving too much
    privileges
  • Reduces amount of errorhandling you need
  • Allows admins to see what permissions your app
    needs using the Permview tool.

15
Demanding Permissions Declaratively
16
Demanding Permissions Imperatively
17
Requesting Permissions at Assembly Level
18
References
  • An Overview of Security in the .NET Framework -
    Dr. Demien Watkins
  • MSDN
  • The Security Infrastructure of the CLR Provides
    Evidence, Policy, Permissions, and Enforcement
    Services Don Box
  • MSDN
  • Managing .NET Code Access Security (CAS) Policy -
    Joe Mayo
  • CoDE Magazine
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Introduction to Code Access Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!