Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 7. Permissions Programming.Net Security, O’Reilly Publishers.

Published byMarion Francis Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 7. Permissions Programming.Net Security, O’Reilly Publishers."— Presentation transcript:

1 Chapter 7. Permissions Programming.Net Security, O’Reilly Publishers

2 Granting Permissions CAS: Code Access Security Method 1: Map: Evidence to grants Types of evidence: Application directory, hash value of the assembly, publisher, site, URL, Internet explorer security zone Method 2: Identity permissions

3 Requesting Permissions Request for minimum permissions: assembly is not loaded if these are not possible Requesting optional permissions (in addition to the minimum): assembly is loaded but it is up to the assembly to handle situations where it does not have Refusing permissions: Permissions that a runtime must never grant

4 Permission Types Code access permissions: To represent actions and resoirces that are subject to security control E.g., System.Data.Common, System.Data.Odbc, System.Diagnsotics, System.DirectoryServices, Syste.Drawing.Printing, System.Net, System.Security.Permissions, etc.

5 Identity permissions: Represent certain types of host evidence an assembly presents to the runtime at load time. Types: Publisher, Site, StringName, Url, Zone Examples: To allow any code from the Local Intranet security zone to access your method To run your application only if it is executed from the website www.cs.odu.edu

6 Enforcing Code-access Security When loading an assembly, the.Net runtime evaluates an assembly, and determines what permissions to grant. A permissions object is created and assigned to the assembly. When the application calls for system service such as deleting a file, the delete method creates a FileIoPermission object that describes permissions needed to carry out the requested operation. Runtime checks the application’s permissions with those required. Answer is either a confirmation to the called method or an exception.

7 Stack Walks In case there is a chain of threads that resulted in a final call to the method, run time checks the permissions of all the threads involved in the call, not just the one that last called. It walks up the stack, from the most recent to the least recent

8 Overriding a Stack walk Assert: A layer vouches for all layers above it Eny: Opposite of assert PermitOnly: similar to dent but lets it limit the permissions

9 Security Statement Syntax Imperative security statements---appear in the body of programmer’s methods and functions and are hence part of the code in the assembly These can be used in conjunction with the normal program control constructs such as conditional and iterative statements Declarative security statements: Expressed using attributes which are compiled to form an assembly’s metadata

Download ppt "Chapter 7. Permissions Programming.Net Security, O’Reilly Publishers."

Similar presentations

Security for Developers Code Access Security Steven Borg & Richard Hundhausen Accentient, Inc.

Security for Developers Code Access Security Steven Borg & Richard Hundhausen Accentient, Inc.
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Ahead of Time Dynamic Translation PreJit/NGEN by any other name George Bosworth Microsoft MRE04 March 21, 2004.

Ahead of Time Dynamic Translation PreJit/NGEN by any other name George Bosworth Microsoft MRE04 March 21, 2004.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 17 Secure Coding in Java and.NET Part 2: Code Access Control.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 17 Secure Coding in Java and.NET Part 2: Code Access Control.
Java Script Session1 INTRODUCTION.

Java Script Session1 INTRODUCTION.
An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.

An Introduction to Java Programming and Object- Oriented Application Development Chapter 8 Exceptions and Assertions.
Security and the.NET Framework. Code Access Security Enforces security policy on code  Regardless of user running the code  Regardless of whether the.

Security and the.NET Framework. Code Access Security Enforces security policy on code  Regardless of user running the code  Regardless of whether the.
Liang, Introduction to Java Programming, Fifth Edition, (c) 2005 Pearson Education, Inc. All rights reserved. 0-13-148952-6 1 Chapter 17 Exceptions and.

Liang, Introduction to Java Programming, Fifth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 17 Exceptions and.
Chapter 8 Exceptions. Topics Errors and Exceptions try-catch throwing Exceptions Exception propagation Assertions.

Chapter 8 Exceptions. Topics Errors and Exceptions try-catch throwing Exceptions Exception propagation Assertions.
 2006 Pearson Education, Inc. All rights reserved. 1 5 5 Control Statements: Part 2.

 2006 Pearson Education, Inc. All rights reserved Control Statements: Part 2.
Security in.NET Jørgen Thyme Microsoft Denmark. Topics & non-topics  Cryptography  App domains  Impersonation / delegation  Authentication  Authorization.

Security in.NET Jørgen Thyme Microsoft Denmark. Topics & non-topics  Cryptography  App domains  Impersonation / delegation  Authentication  Authorization.
Code Access Security vs. Role-Based Security  RBS  Security identity attached to user accounts  Access to resources specified according to user’s group.

Code Access Security vs. Role-Based Security  RBS  Security identity attached to user accounts  Access to resources specified according to user’s group.
ASP.Net Security: Fundamentals Chapters 1-4 Freeman and Jones Book.

ASP.Net Security: Fundamentals Chapters 1-4 Freeman and Jones Book.
Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.

Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.
.NET Code security including 4.0 & Tools Jon C. Arce

.NET Code security including 4.0 & Tools Jon C. Arce
Module 15 Configuring and Deploying Windows Client Applications.

Module 15 Configuring and Deploying Windows Client Applications.
Delivering Excellence in Software Engineering ® 2006. EPAM Systems. All rights reserved. ASP.NET Authentication.

Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.
Deployment of web Site. Preparing the web site for deployment you now have two versions of web site 1 -one running in the production environment 2-one.

Deployment of web Site. Preparing the web site for deployment you now have two versions of web site 1 -one running in the production environment 2-one.
Java Software Solutions Foundations of Program Design Sixth Edition

Java Software Solutions Foundations of Program Design Sixth Edition
Preventing and Correcting Errors

Preventing and Correcting Errors

Similar presentations

Ads by Google