August 13, 2007

Security in Assemblies

Code Security is all about allowing and preventing code from running.

The .NET Security Model works by each assembly carrying its own Evidence, which is attached to the assembly by the assembly writer.
When the CLR loads the assembly it reads this Evidence and applies it to the security policy; the policy in turn returns a set of Permissions, and those Permissions determine whether the assembly is allowed to execute or not.
So it's Evidence in (on the assembly) -> Code Groups -> Permissions.

Code Access Security (CAS) is the mechanism .NET uses to manage all of this. Its function is to process assemblies and determine the runtime permissions they should have, e.g. whether the code within a certain assembly should be allowed to run or not.

All assemblies have Evidence. As the CLR is loading the assembly it looks at this Evidence and processes it using the current machine's .NET Code Groups. Where the assembly is being loaded from, the Evidence it has, and the Code Group configuration on the current machine together determine the Permissions that assembly gets.

Evidence: Evidence takes into account the assembly's strong name and publisher. There are 2 types of evidence: Host Evidence and Assembly Evidence. Host Evidence is all about where the code is being loaded from (internet, local machine); these locations are identified by URL, Site and Zone (Zones are for non-internet locations).

Code Group: You can group permissions for assemblies, i.e. all assemblies that have Internet permissions can do such and such. These are set up on the machine; when the CLR is processing the assembly's Evidence it tries to match that Evidence against a Code Group.

Permissions: FullTrust, Internet. These have special meaning to the CLR; they restrict the access of code to resources, such as printers, applications etc.
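To see the Evidence -> Code Groups -> Permissions chain for a real assembly, here is an added example (my own code, not from the post) that lists the host evidence the CLR attached to the running assembly, resolves it through the machine's code groups, and then demands a FileIOPermission so the outcome of the resolved permission set is visible. It assumes .NET Framework 2.0 or 3.5 (the CAS-era APIs are obsolete from 4.0 on) and uses a constructed temp-file path.

```csharp
// Added example, not part of the original post. Targets .NET Framework 2.0/3.5;
// SecurityManager.ResolvePolicy and Assembly.Evidence are obsolete in .NET 4.0+.
using System;
using System.Collections;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class EvidenceDemo
{
    static void Main()
    {
        Assembly asm = Assembly.GetExecutingAssembly();
        Evidence evidence = asm.Evidence;

        // Host evidence: Zone, Url, Site, StrongName, ... i.e. where the CLR got the code from.
        Console.WriteLine("Host evidence:");
        IEnumerator host = evidence.GetHostEnumerator();
        while (host.MoveNext())
            Console.WriteLine("  " + host.Current.GetType().Name + ": " + host.Current);

        // Code groups on this machine whose membership condition this evidence matches.
        Console.WriteLine("Matching code groups:");
        IEnumerator groups = SecurityManager.ResolvePolicyGroups(evidence);
        while (groups.MoveNext())
        {
            CodeGroup group = (CodeGroup)groups.Current;
            Console.WriteLine("  " + group.Name + " -> " + group.PermissionSetName);
        }

        // The permission set granted after all policy levels are intersected.
        PermissionSet granted = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("FullTrust (unrestricted): " + granted.IsUnrestricted());

        // Imperative demand: an assembly resolved to the Internet permission set
        // has no FileIOPermission, so Demand() throws SecurityException.
        string path = Path.Combine(Path.GetTempPath(), "cas-demo.txt"); // constructed sample path
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
            Console.WriteLine("FileIOPermission(Read) granted for " + path);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("FileIOPermission(Read) refused: " + ex.Message);
        }
    }
}
```

Run it once from the local disk (MyComputer zone, typically FullTrust) and once from a network share or URL to watch the matched code groups and the Demand result change.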
