Code accesssecurity
-
Upload
meenakshi-kumar -
Category
Career
-
view
462 -
download
0
Transcript of Code accesssecurity
![Page 1: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/1.jpg)
CLR 4
![Page 2: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/2.jpg)
Why Implement CAS?
Web App running with full trust
Malicious Code
File Upload
![Page 3: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/3.jpg)
Assembly
Environment Variables
File Dialog
Printing
![Page 4: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/4.jpg)
Internet
• File Dialog
• Isolated Storage File
• Security
• User Interface
• Printing
Local Intranet
• Environment Variables
• File Dialog
• Isolated Storage File
• Reflection
• Security
• User Interface
• DNS
• Printing
Nothing
![Page 5: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/5.jpg)
Assembly
Application Directory
PublisherURL Site Zone Hash
Strong Name
![Page 6: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/6.jpg)
Permission Set
Membership Condition
Code Group
![Page 7: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/7.jpg)
Assembly Evidence
Code Group A Membership
Conditions
Code Group B
Membership Conditions
Code Group C
Membership Conditions
![Page 8: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/8.jpg)
Assembly A X Assembly A
X Assembly A
X .NET 2.0
.NET 1.1
![Page 9: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/9.jpg)
Permissions Check
![Page 10: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/10.jpg)
Main
Foo
Bar
File Read
App Domain Permissions - Internet
App Domain Permissions – Full Trust
![Page 11: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/11.jpg)
-Heterogeneous App domain not possible now
- Assemblies with lower trust level could upgrade
themselves to a higher trust level by calling partially trusted
assemblies
-App domains previously had to be loaded after CAS was in place.
![Page 12: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/12.jpg)
![Page 13: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/13.jpg)
![Page 14: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/14.jpg)
![Page 15: Code accesssecurity](https://reader036.fdocuments.us/reader036/viewer/2022081401/55a0f9d71a28ab96398b4703/html5/thumbnails/15.jpg)
Static Analysis Possible
Sandboxing Easier
No permission set overlap due to heterogeneous
app domains
Permission grant sets not machine dependent
Assembly with a lower trust level can not call an
assembly with higher trust level and upgrade