CAS (Code Access Security): CAS Identifies code, allows only resources & operations to do by the code for those code have permission, based on evidences.
There is set of permissions, policies can be seen with ".Net Framework Configuration" tool. Using this tool we can assign/revoke specific permissions to any code (exe).
This modal has deprecated in .Net framework 4.0
Change from .net 4.0 in security modal is granting permission depend on host, not on CAS modal.
Now, host decides permissions for any code & assign it.
Like if we are executing any assembly, windows identify, categorizes & assign permissions to it.
Code is divided in three types with respect to security
SecurityCritical: Trusted Code, have access to your system
SecurityTransparent: Untrusted Code, should not have acces to system, It must not have any direct call to Security critical code
Security Safe Critical: Used to create bridge b\w transparent and critical code, if want to call critical code from transparent code
How can we mark our code with any of above given category?
Add attributes to AssemblyInfo.cs file of project as given in below picture
If you want to use some third party dll and don't want to give that access to Security Critical code then wrap-up the third party dll with your own code and mark that Security Transparent.
Sand Boxing:
If you want to use some untrusted third party dll, then create your app domain, assign permissions to that app domain & run the third party dll under this domain, this approach is called Sandboxing.
There is set of permissions, policies can be seen with ".Net Framework Configuration" tool. Using this tool we can assign/revoke specific permissions to any code (exe).
This modal has deprecated in .Net framework 4.0
Change from .net 4.0 in security modal is granting permission depend on host, not on CAS modal.
Now, host decides permissions for any code & assign it.
Like if we are executing any assembly, windows identify, categorizes & assign permissions to it.
Code is divided in three types with respect to security
SecurityCritical: Trusted Code, have access to your system
SecurityTransparent: Untrusted Code, should not have acces to system, It must not have any direct call to Security critical code
Security Safe Critical: Used to create bridge b\w transparent and critical code, if want to call critical code from transparent code
How can we mark our code with any of above given category?
Add attributes to AssemblyInfo.cs file of project as given in below picture
If you want to use some third party dll and don't want to give that access to Security Critical code then wrap-up the third party dll with your own code and mark that Security Transparent.
If you want to use some untrusted third party dll, then create your app domain, assign permissions to that app domain & run the third party dll under this domain, this approach is called Sandboxing.
No comments:
Post a Comment