Code Access Security
This article looks at what code access security is, how it works, and what benefits it provides.
Today's networked computers are exposed to code originating from various sources, such as code attached to email, code embedded in documents, and code downloaded from the internet. This code can contain viruses or worms that may damage or destroy data on your computer.
Commonly used security mechanisms give users restricted access to resources based on their login credentials. In this approach, the user receives code from known and unknown sources. This code may contain bugs or be unreliable, and those weaknesses might be exploited by malicious code. Computers can be damaged and private data can be leaked when trustworthy users run malicious or error-filled software. A security mechanism is therefore required that allows code originating from one computer to execute with protection on another computer, even if there is no trust relationship between the systems.
What is Code Access Security:
Code access security is a mechanism that helps limit the access code has to protected resources and operations. In the .NET Framework, code access security performs the following functions:
•Defines permissions and permission sets that represent the right to access various system resources.
•Enables administrators to configure security policy by associating sets of permissions with groups of code (code groups).
•Enables code to request the permissions it requires in order to run, as well as the permissions that would be useful to have, and specifies which permissions the code must never have.
•Grants permissions to each assembly that is loaded, based on the permissions requested by the code and on the operations permitted by security policy.
•Enables code to demand that its callers have specific permissions.
•Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.
•Enforces restrictions on code at run time by comparing the granted permissions of every caller on the call stack to the permissions that callers must have.
Benefits of Code Access Security
The .NET Framework provides a security mechanism called code access security, which provides the following benefits:
1.Helps protect computer systems from malicious code.
2.Allows code from unknown origins to run with protection.
3.Prevents trusted code from intentionally or accidentally compromising security.
4.Depending on from where the code is obtained and the code's identity, code can be trusted to varying degrees.
5.It enforces varying levels of trust on code, which minimizes the amount of code that must be fully trusted in order to run.
6.It can reduce the likelihood that your code can be misused by malicious or error-filled code.
7.It can reduce your liability because you can specify the set of operations your code should be allowed to perform as well as the operations your code should never be allowed to perform.
8.It can also help minimize the damage that can result from security vulnerabilities in your code.
How Code Access Security works:
1.To check whether the code is authorized to access a resource or perform an operation, the runtime's security system walks the call stack, comparing the granted permissions of each caller to the permission being demanded.
2.If any caller in the call stack does not have the demanded permission, a security exception is thrown and access is refused.
3.The stack walk is designed to help prevent luring attacks, in which less-trusted code calls highly trusted code and uses it to perform unauthorized actions.
An example of Code Access Security:
For example, let's say an application downloads a control, built using an installed class library (DLL), from a local intranet host Web site to the client computer so that the user can enter data. The following are some of the ways code access security might be used in this scenario:
•Before load time, an administrator can configure security policy to specify that code with a particular digital signature should be given more permission than local internet code would usually receive. By default, the predefined LocalIntranet named permission set is associated with all code that is downloaded from the local intranet.
•At load time, the runtime grants the permissions associated with the LocalIntranet permission set, plus some additional permissions if the code has the trusted signature.
•At run time, whenever a caller (in this case the hosted control) accesses a library that exposes protected resources or a library that calls unmanaged code, the library makes a security demand, which checks the caller's permissions for the appropriate permission grants. These security checks help prevent the control from performing unauthorized actions on the client computer.
Every application that targets the CLR (common language runtime) must interact with the runtime's security system. When an application executes, it is automatically evaluated and given a set of permissions by the runtime. Depending on the permissions that the application receives, it either runs properly or generates a security exception. The local security settings on a particular computer decide which permissions code receives. Because these settings can change from computer to computer, you can never be sure that your code will receive sufficient permissions to run. In the case of unmanaged development, you do not have to worry about your code's permission to run.
Every developer must be familiar with the following code access security concepts in order to write effective applications targeting the common language runtime:
•Writing type-safe code: Use a compiler that generates verifiably type-safe code.
•Imperative and declarative syntax: Interaction with the runtime security system is performed using imperative and declarative security calls. Declarative calls are performed using attributes; imperative calls are performed using new instances of classes within your code.
•Requesting permissions for your code: Requests are applied to the assembly scope, where your code informs the runtime about permissions that it either needs to run or specifically does not want. Security requests are evaluated by the runtime when your code is loaded into memory.
•Using secure class libraries: Your class libraries use code access security to specify the permissions they require in order to be accessed. You should be aware of the permissions required to access any library that your code uses and make appropriate requests in your code.
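The stack walk and the declarative and imperative demand syntaxes described above, as an added C# example that is not from the original article: `ProtectedLibrary`, `RestrictedCaller` and the directory paths are hypothetical, and `PermitOnly` stands in for a less-trusted caller on the stack. It assumes the .NET Framework, since code access security is not supported on .NET Core and later.

```csharp
// Added example (not from the original article). Targets the .NET Framework;
// code access security is not supported on .NET Core / .NET 5 and later.
using System;
using System.Security;
using System.Security.Permissions;

// Hypothetical "trusted library" that exposes a protected resource.
static class ProtectedLibrary
{
    public const string DataDir = @"C:\ProtectedData"; // hypothetical path

    // Declarative syntax: the demand is an attribute, checked on method entry.
    [FileIOPermission(SecurityAction.Demand, Read = DataDir)]
    public static string ReadDeclarative()
    {
        return "read allowed (declarative demand passed)";
    }

    // Imperative syntax: the demand is a permission object created in code.
    public static string ReadImperative()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, DataDir).Demand();
        return "read allowed (imperative demand passed)";
    }
}

static class Program
{
    // Stands in for less-trusted code: PermitOnly limits this stack frame,
    // and everything it calls, to reading a hypothetical scratch directory.
    static string RestrictedCaller(Func<string> libraryCall)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Scratch").PermitOnly();
        try { return libraryCall(); }
        catch (SecurityException) { return "refused by stack walk (SecurityException)"; }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main()
    {
        // Fully trusted caller: every frame on the stack holds the permission.
        Console.WriteLine(ProtectedLibrary.ReadDeclarative());
        Console.WriteLine(ProtectedLibrary.ReadImperative());
        // Restricted caller: the walk reaches the PermitOnly frame and fails.
        Console.WriteLine(RestrictedCaller(ProtectedLibrary.ReadDeclarative));
        Console.WriteLine(RestrictedCaller(ProtectedLibrary.ReadImperative));
    }
}
```

Run as a fully trusted console application, the first two calls succeed and the last two are refused, because the library's demand is checked against every caller on the stack and not just the library itself.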
For more information regarding Code Access Security, please refer to MSDN.