Code Access Security

Code Access Security

Code Access Security (CAS), in the Microsoft .NET framework, is Microsoft's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the assembly and use this to identify the code group that the assembly belongs to. A code group contains a permission set (one or more permissions). Code that performs a privileged action will perform a code access demand which will cause the CLR to walk up the call stack and examine the permission set granted to the assembly of each method in the call stack. The code groups and permission sets are determined by the administrator of the machine who defines the security policy.

Contents

Evidence

Evidence can be any information associated with an assembly. The default evidences that are used by .NET code access security are:

  • Application directory - The directory in which an assembly resides.
  • Publisher - The assembly's publisher's digital signature (requires the assembly to be signed via Authenticode).
  • URL - the complete URL where the assembly was launched from
  • Site - The hostname of the URL/Remote Domain/VPN.
  • Zone - the security zone where the assembly resides
  • Hash - a cryptographic hash of the assembly, which identifies a specific version.
  • Strong Name - a combination of the assembly name, version and public key of the signing key used to sign the assembly. The signing key is not an X509 certificate, but a custom key pair generated by the strong naming tool, SN.EXE or by Visual Studio.

A developer can use custom evidence (so-called assembly evidence) but this requires writing a security assembly and in version 1.1 of .NET this facility does not work.

Evidence based on a hash of the assembly is easily obtained in code. For example in C#, evidence may be obtained by the following code clause:

this.GetType().Assembly.Evidence

Policy

A policy is a set of expressions that uses evidence to determine a code group membership. A code group gives a permission set for the assemblies within that group. There are four policies in .NET:

  • Enterprise - policy for a family of machines that are part of an Active Directory installation.
  • Machine - policy for the current machine.
  • User - policy for the logged on user.
  • AppDomain - policy for the executing application domain.

The first three policies are stored in XML files and are administered through the .NET Configuration Tool 1.1 (mscorcfg.msc). The final policy is administered through code for the current application domain.

Code access security will present an assembly's evidence to each policy and will then take the intersection (that is the permissions common to all the generated permission set) as the permissions granted to the assembly.

By default, the Enterprise, User, and AppDomain policies give full trust (that is they allow all assemblies to have all permissions) and the Machine policy is more restrictive. Since the intersection is taken this means that the final permission set is determined by the Machine policy.

Note that the policy system has been eliminated in .NET Framework 4.0.[1]

Code group

Code groups associate a piece of evidence with a named permission set. The administrator uses the .NET Configuration Tool to specify a particular type of evidence (for example, Site) and a particular value for that evidence (for example, www.mysite.com) and then identifies the permission set that the code group will be granted.

Demands

Code that performs some privileged action will make a demand for one or more permissions. The demand makes the CLR walk the call stack and for each method the CLR will ensure that the demanded permissions are in the method's assembly's granted permissions. If the permission is not granted then a security exception is thrown. This prevents downloaded code from performing privileged actions. For example, if an assembly is downloaded from an untrusted site the assembly will not have any file IO permissions and so if this assembly attempts to access a file code access security will throw an exception preventing the call.

References

  1. ^ http://msdn.microsoft.com/en-us/library/ff527276.aspx
v · d · e.NET Framework
Architecture
CLI Languages
Common1
Other2
Axum · A# · Boo · Cobra · M · Oxygene  · IronScheme (IronLisp· IronPython · IronRuby · Nemerle · Phalanger · P#
Components
Other implementations
Comparisons
Upcoming
"Jasper" · "Roslyn"
Past
"Acropolis"
Tools
1 Languages that are, will be, or have been included with Visual Studio or Microsoft Windows.
2 Non-academic or research languages with relatively large user-bases.

Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Code Access Security — (CAS) ist das Sicherheitsmodell in Microsofts .NET Framework und stellt Microsofts Lösung dar, nicht privilegierten und nicht vertrauten Code an der Ausführung sicherheitskritischer Aktionen zu hindern. Wird eine Assembly durch die Common… …   Deutsch Wikipedia

  • Code Access Security — Code Access Security  механизм защиты, позволяющий ограничивать доступ коду к ресурсам компьютера. Используется в среде .NET Framework. Используется для определения разрешений и установки прав доступа к различным системным ресурсам,… …   Википедия

  • Security engineering — is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to… …   Wikipedia

  • code — [kəʊd ǁ koʊd] noun 1. [countable] LAW a complete set of written rules or laws: • Each state in the US has a different criminal and civil code. ˈbuilding code [countable] LAW a set of rules that states what features a new building, bridge etc… …   Financial and business terms

  • Access control — is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticketholders should be admitted), logical… …   Wikipedia

  • Security guard — Private factory guard Occupation Activity sectors Security Description A security guard (or security officer) is a person who is paid to protect pro …   Wikipedia

  • Code injection — is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or inject ) code into a computer program to change the course of execution. The results of a code injection… …   Wikipedia

  • Managed Code — NET Framework Basisdaten Entwickler: Microsoft Aktuelle Version …   Deutsch Wikipedia

  • Unmanaged Code — NET Framework Basisdaten Entwickler: Microsoft Aktuelle Version …   Deutsch Wikipedia

  • Code signing — is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Code signing can provide several valuable …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”