CLR 4
Why Implement CAS?



[Diagram: Web App running with full trust; File Upload; Malicious Code]

[Diagram: Assembly with File Dialog, Environment Variables, Printing]

Internet
• File Dialog
• Isolated Storage File
• Security
• User Interface
• Printing

Local Intranet
• Environment Variables
• File Dialog
• Isolated Storage File
• Reflection
• Security
• User Interface
• DNS
• Printing

Nothing
(empty permission set)

Assembly: Application Directory, Publisher, URL, Site, Zone, Hash, Strong Name

Code Group: Permission Set, Membership Condition

[Diagram: Assembly Evidence compared with the Membership Conditions of Code Group A, Code Group B and Code Group C]

[Diagram: Assembly A, marked X three times, across .NET 1.1 and .NET 2.0]

Permissions Check
[Diagram: call stack. Main and Foo in an App Domain with Full Trust permissions; Bar, performing a File Read, in an App Domain with Internet permissions]

- Heterogeneous App domain not possible now
        - Assemblies with lower trust level could upgrade themselves to a higher trust level by calling partially trusted assemblies
- App domains previously had to be loaded after CAS was in place.

• Static Analysis Possible
• Sandboxing Easier
• No permission set overlap due to heterogeneous app domains
• Permission grant sets not machine dependent
• Assembly with a lower trust level cannot call an assembly with higher trust level and upgrade

Code Access Security


Editor's Notes

  1. Code access security is not implemented to prevent you from performing illegal operations through your code. It is implemented to make sure somebody using your application (website/dll/…) does not get privilege to perform an illegal operation. For example, somebody could upload a file containing malicious code to your website running under full trust. If this file is uploaded to the server root and made available through a link, the user could simply access the link and run the file.
  2. Every application (website/dll…) can have a certain set of permissions attached to it. For example, if you have a simple webpage that performs currency conversion, it does not need file dialog permissions. However, a form that allows you to upload your profile picture on Facebook would need file dialog permissions. Every application can be analyzed to figure out the exact and minimal permission set required for proper functioning.
  3. While defining code access security, the first thing to set up is permission sets. New permission sets can be created as per requirements or existing permission sets can be used for defining the boundaries of your application. Some of the existing permission sets that are created by default are shown. A permission set can also be empty – indicating that the application(s) to which this permission set is assigned has no permissions at all. Such an application would not be able to run.
  4. In order to assign a permission set to an assembly, certain criteria have to be met. For example, I can say that I want permission set “Everything” to be assigned to all local applications (running from my own system). The runtime security now has to figure out whether an assembly that is trying to run is local. Thus, there is a need for attaching some sort of metadata to all assemblies, which acts as evidence for that assembly. The assembly has to provide evidence before runtime security judges it and assigns permissions to it. This metadata can include the Application Directory, Publisher, URL (from which the application is running), Site, Zone, Hash, and Strong Name (SN), as shown.
  5. The permission set, together with the membership condition (the evidence needed to deserve that permission set), forms a code group.
  6. As discussed, when an assembly tries to run, its evidence is compared with the membership conditions and, accordingly, the appropriate code group and its permission set are assigned to that assembly.
  7. Some of the drawbacks of this security model (followed until .NET 3.5) were: Security policies had to be set independently for all systems. Thus, if your application was moved from one system to another with different CAS settings, there was a chance of your application not working. Even if the default settings for CAS were used, there was a chance that moving your application from a system using .NET 1.1 to one using .NET 2.0 would break it. Moving an application from the local system to a share on the network could also change the permission set assigned, as the application evidence would then change to reflect the “network” zone instead of “local”.
  8. In CLR 4, the permission check is now performed at the host level instead of the CLR level. Policies are no longer validated at the CLR level. If the host assigns a certain set of permissions to an assembly, the CLR accepts the same. Some examples of hosts are ASP.NET and SQL CLR. These hosts are now responsible for loading their applications in appropriate sandboxes, which have appropriate permissions assigned to them.
  9. Earlier (.NET 1.1/2.0/3.5), when the file read operation in App Domain B was encountered, the permission check used to walk the stack right up to the Main function of App Domain A. Not so now. For CLR 4, an App Domain independently has its own permission sets. Thus, for CLR 4, when the File Read operation for App Domain B is called, the permission stack trace would check permissions on Bar, Domain B, and then stop. If either of the checks along the stack trace fails, this file read operation would not be permitted.
  10. These are the transparency levels for CLR 4. These can be compared to full trust and partial trust. However, every piece of code can now be one of the three: Transparent (minimal permissions assigned, highly untrusted); Safe critical (bridge between transparent and critical code); Critical (maximum permissions assigned, thus most trusted).
  11. According to the new CAS model, a piece of code that is security transparent (untrusted and with least permissions) cannot directly call security critical (full trust) code. The security safe critical code acts as a bridge between these two types of code. Safe critical code generally contains all the verification logic which ensures that a piece of security transparent code that is trying to call security critical code actually deserves to be permitted. Thus, if security transparent code does not have file I/O permissions and it is trying to call security critical code which does have these permissions, this request would not go through. A piece of code is not allowed to upgrade its permission set.
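
Notes 8 and 9 describe the host choosing the sandbox's grant set and the file-read check being decided by the sandboxed domain's own permissions. The following is an added example, not code from the slides; it assumes .NET Framework 4.x built as a console executable, and the names SandboxedWorker and Host are hypothetical.

```csharp
// Added example, not from the slides. Assumes .NET Framework 4.x (console .exe).
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Runs inside the sandboxed AppDomain; plays the role of "Bar" in the slide's diagram.
// The class name is hypothetical.
public sealed class SandboxedWorker : MarshalByRefObject
{
    public string TryReadFile(string path)
    {
        try
        {
            return File.ReadAllText(path);   // triggers a FileIOPermission demand
        }
        catch (SecurityException)
        {
            return "DENIED";
        }
    }
}

public static class Host
{
    // Map evidence (Zone = Internet) to the matching standard permission set.
    static PermissionSet InternetGrant()
    {
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));
        return SecurityManager.GetStandardSandbox(evidence);
    }

    // The host, not machine-wide CAS policy, decides the grant set of the sandbox.
    static AppDomain CreateSandbox(string name, PermissionSet grantSet)
    {
        var setup = new AppDomainSetup
        {
            // For real untrusted code, point this at a directory that holds only
            // that code, not at the host's own directory.
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };
        // No full-trust strong names are listed, so every application assembly
        // loaded into this domain receives exactly grantSet.
        return AppDomain.CreateDomain(name, null, setup, grantSet);
    }

    static string ReadIn(AppDomain domain, string path)
    {
        var worker = (SandboxedWorker)domain.CreateInstanceAndUnwrap(
            typeof(SandboxedWorker).Assembly.FullName,
            typeof(SandboxedWorker).FullName);
        return worker.TryReadFile(path);
    }

    public static void Main()
    {
        // Constructed sample file, written by the fully trusted host.
        string path = Path.GetTempFileName();
        File.WriteAllText(path, "constructed sample data");

        PermissionSet internetOnly = InternetGrant();
        PermissionSet internetPlusFile = InternetGrant();
        internetPlusFile.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, path));

        AppDomain a = CreateSandbox("Internet", internetOnly);
        AppDomain b = CreateSandbox("InternetPlusOneFile", internetPlusFile);
        try
        {
            // Main is fully trusted in both cases; only the sandbox grant set differs.
            Console.WriteLine("Internet grant set:      " + ReadIn(a, path));
            Console.WriteLine("Internet + FileIO(Read): " + ReadIn(b, path));
        }
        finally
        {
            AppDomain.Unload(a);
            AppDomain.Unload(b);
            File.Delete(path);
        }
    }
}
```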
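
Notes 10 and 11 describe the three transparency levels and the safe critical bridge that holds the verification logic. The following is an added example, not code from the slides; it assumes .NET Framework 4.x with Level 2 transparency, and the names ProfileStore and TransparentCaller and the directory name are hypothetical.

```csharp
// Added example, not from the slides. Assumes .NET Framework 4.x (console .exe).
using System;
using System.IO;
using System.Runtime.CompilerServices;
using System.Security;

// With this attribute, unannotated code in the assembly is security transparent.
[assembly: AllowPartiallyTrustedCallers]
// CLR 4 transparency model (already the default for assemblies built for .NET 4).
[assembly: SecurityRules(SecurityRuleSet.Level2)]

public static class ProfileStore
{
    // Hypothetical directory used only for this demonstration.
    public static readonly string Root =
        Path.GetFullPath(Path.Combine(Path.GetTempPath(), "cas-demo-profiles"));

    // Critical: performs the sensitive operation and trusts its argument.
    [SecurityCritical]
    internal static string ReadRaw(string fullPath)
    {
        return File.ReadAllText(fullPath);
    }

    // Safe critical: the bridge. It validates the request from transparent
    // code before handing it to the critical method.
    [SecuritySafeCritical]
    public static string ReadProfile(string fileName)
    {
        string full = Path.GetFullPath(Path.Combine(Root, fileName));
        if (!full.StartsWith(Root + Path.DirectorySeparatorChar,
                             StringComparison.OrdinalIgnoreCase))
        {
            throw new SecurityException("Path escapes the profile directory.");
        }
        return ReadRaw(full);
    }
}

// No annotations, so everything in this class is transparent.
public static class TransparentCaller
{
    public static string ViaBridge(string fileName)
    {
        return ProfileStore.ReadProfile(fileName);
    }

    // Transparent code calling critical code directly: rejected by the CLR.
    [MethodImpl(MethodImplOptions.NoInlining)]
    public static string Direct(string fullPath)
    {
        return ProfileStore.ReadRaw(fullPath);
    }

    static string Attempt(Func<string> call)
    {
        try { return "OK: " + call(); }
        catch (SecurityException ex) { return "Rejected by bridge: " + ex.Message; }
        catch (MethodAccessException) { return "Rejected by CLR: transparent -> critical"; }
    }

    public static void Main()
    {
        // Constructed sample data.
        Directory.CreateDirectory(ProfileStore.Root);
        string sample = Path.Combine(ProfileStore.Root, "alice.txt");
        File.WriteAllText(sample, "constructed profile");

        Console.WriteLine(Attempt(() => ViaBridge("alice.txt")));
        Console.WriteLine(Attempt(() => ViaBridge(Path.Combine("..", "outside.txt"))));
        Console.WriteLine(Attempt(() => Direct(sample)));

        File.Delete(sample);
    }
}
```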