Code Access Security
   HOME

TheInfoList



Click Here for Items Related To - Code Access Security
OR:
Code Access Security on:   [Wikipedia]   [Google]   [Amazon]

Code Access Security (CAS), in the
Microsoft .NET The Microsoft .NET strategy is a marketing plan that Microsoft followed in the early 2000s. Steve Ballmer described it as the company's "most ambitious undertaking since Internet Strategy Day in 1995". In support of this strategy, between 2000 and ...
framework, is
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...
's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain
evidence Evidence for a proposition is what supports this proposition. It is usually understood as an indication that the supported proposition is true. What role evidence plays and how it is conceived varies from field to field. In epistemology, evidenc ...
for the assembly and use this to identify the code group that the assembly belongs to. A code group contains a permission set (one or more permissions). Code that performs a privileged action will perform a code access
demand In economics, demand is the quantity of a good that consumers are willing and able to purchase at various prices during a given time. The relationship between price and quantity demand is also called the demand curve. Demand for a specific item ...
which will cause the CLR to walk up the
call stack In computer science, a call stack is a stack data structure that stores information about the active subroutines of a computer program. This kind of stack is also known as an execution stack, program stack, control stack, run-time stack, or ma ...
and examine the permission set granted to the assembly of each
method Method ( grc, μέθοδος, methodos) literally means a pursuit of knowledge, investigation, mode of prosecuting such inquiry, or system. In recent centuries it more often means a prescribed process for completing a task. It may refer to: *Scien ...
in the call stack. The code groups and permission sets are determined by the administrator of the machine who defines the
security policy Security policy is a definition of what it means to ''be secure'' for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms ...
. Microsoft considers CAS as obsolete and discourages its use. It is also not available in .NET Core and .NET.


Evidence

Evidence can be any information associated with an assembly. The default evidences that are used by .NET code access security are: *Application directory: the directory in which an assembly resides. *Publisher: the assembly's publisher's digital signature (requires the assembly to be signed via
Authenticode Code signing is the process of digitally Digital signatures and law, signing executables and scripting language, scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process ...
). * URL: the complete URL where the assembly was launched from *Site: the hostname of the URL/Remote Domain/VPN. *Zone: the security zone where the assembly resides * Hash: a cryptographic hash of the assembly, which identifies a specific version. *Strong Name: a combination of the assembly name, version and public key of the signing key used to sign the assembly. The signing key is not an
X.509 In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secu ...
certificate, but a custom key pair generated by the strong naming tool, SN.EXE or by
Visual Studio Visual Studio is an integrated development environment (IDE) from Microsoft. It is used to develop computer programs including web site, websites, web apps, web services and mobile apps. Visual Studio uses Microsoft software development platfor ...
. A developer can use custom evidence (so-called assembly evidence) but this requires writing a security assembly and in version 1.1 of .NET this facility does not work. Evidence based on a hash of the assembly is easily obtained in code. For example, in C#, evidence may be obtained by the following code clause: this.GetType().Assembly.Evidence


Policy

A policy is a set of expressions that uses evidence to determine a code group membership. A code group gives a permission set for the assemblies within that group. There are four policies in .NET: *Enterprise: policy for a family of machines that are part of an
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...
installation. *Machine: policy for the current machine. *User: policy for the logged on user. *AppDomain: policy for the executing application domain. The first three policies are stored in
XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable ...
files and are administered through the .NET Configuration Tool 1.1 (mscorcfg.msc). The final policy is administered through code for the current application domain. Code access security will present an assembly's evidence to each policy and will then take the intersection (that is the permissions common to all the generated permission sets) as the permissions granted to the assembly. By default, the Enterprise, User, and AppDomain policies give full trust (that is they allow all assemblies to have all permissions) and the Machine policy is more restrictive. Since the intersection is taken, this means that the final permission set is determined by the Machine policy. Note that the policy system has been eliminated in .NET Framework 4.0.Summary of Changes in Code Access Security
/ref>


Code group

Code groups associate a piece of evidence with a named permission set. The administrator uses the .NET Configuration Tool to specify a particular type of evidence (for example, Site) and a particular value for that evidence (for example, www.mysite.com) and then identifies the permission set that the code group will be granted.


Demands

Code that performs some privileged action will make a demand for one or more permissions. The demand makes the CLR walk the call stack and for each method the CLR will ensure that the demanded permissions are in the method's assembly's granted permissions. If the permission is not granted then a security exception is thrown. This prevents downloaded code from performing privileged actions. For example, if an assembly is downloaded from an untrusted site the assembly will not have any file IO permissions and so if this assembly attempts to access a file, will throw an exception preventing the call.


References


Understanding .NET SecurityCode Access Security Policy Tool (Caspol.exe)
{{Common Language Infrastructure Common Language Infrastructure Microsoft Windows security technology Cryptographic protocols