CLR 4

Why Implement CAS?

Web App running with full trust

Malicious Code

File Upload

Assembly

Environment Variables

File Dialog

Printing

Internet

• File Dialog

• Isolated Storage File

• Security

• User Interface

• Printing

Local Intranet

• Environment Variables

• File Dialog

• Isolated Storage File

• Reflection

• Security

• User Interface

• DNS

• Printing

Nothing

Assembly

Application Directory

PublisherURL Site Zone Hash

Strong Name

Permission Set

Membership Condition

Code Group

Assembly Evidence

Code Group A Membership

Conditions

Code Group B

Membership Conditions

Code Group C

Membership Conditions

Assembly A X Assembly A

X Assembly A

X .NET 2.0

.NET 1.1

Permissions Check

Main

Foo

Bar

File Read

App Domain Permissions - Internet

App Domain Permissions – Full Trust

-Heterogeneous App domain not possible now

- Assemblies with lower trust level could upgrade

themselves to a higher trust level by calling partially trusted

assemblies

-App domains previously had to be loaded after CAS was in place.

Static Analysis Possible

Sandboxing Easier

No permission set overlap due to heterogeneous

app domains

Permission grant sets not machine dependent

Assembly with a lower trust level can not call an

assembly with higher trust level and upgrade