Code access security is the central security scheme in the .NET Framework, used automatically by the runtime. It helps you restrict access to important or sensitive operations and resources. To lock down systems and protect them against malicious code, you need to provide least privilege, which gives users and code only the freedom absolutely necessary to perform their tasks. Code access security helps you achieve this principle of least privilege.
Benefit of Code access security
In the past, role-based security systems relied on permissions granted to the user. The .NET Framework's code access security mechanism helps grant access permissions to code.
Many objects, such as files, directories and registry keys in the Windows operating system, are controlled by access lists that specify which users should have access and the kind of access they are allowed. User identity is therefore important in evaluating access permissions for these resources. However, sometimes a trusted user may need to run code of uncertain origin, such as an application available from an external web site. In such cases role-based security does little to protect your computer against malicious code. Evidence-based security, on the other hand, can help identify suspect programs and can limit their ability to do damage.
Important Feature of Code access security
An important feature of code access security is that it can function reliably only when code is verifiably type safe. If code is not type safe, it can breach security checks by making calls to restricted areas of memory.
For example, it is not legal to write type-safe code that directly accesses the private member variables of an object. However, it is safe. The CLR verifies that code is type safe and by default allows non-type-safe code to run only if it originates from the local computer. It is also possible to set a security policy that restricts the execution of any code that is not type safe.
Another limitation of code access security is that it does not protect the user who downloads an application from the Internet and runs it locally. The default policy for local applications is to grant full trust, so such an application is free to access any of the user's resources.
Specifying Security permission in code
There are two ways of specifying security permissions in your code:
a) Imperative syntax: Requires explicitly created permission objects that are used to make security checks at run time.
b) Declarative syntax: Uses code attributes to specify the permissions that are required to execute an assembly, a particular class, or particular methods in a class.
Rules in a security policy
Security policies can be configured by using the Microsoft .NET Framework 2.0 Configuration utility. Policies consist of rules that can be specified at three different levels: Enterprise, Machine and User.
At the Enterprise level, you can set blanket rules across an entire company, department, or group of computers. The Machine and User levels allow you to specify security rules that restrict permissions for individual computers and users.
Primary entities in the code access security architecture
The following are the entities involved in the code access security architecture:
a) Assembly: Consists of a single file or a package of files and includes a manifest that contains important metadata such as permission requirements.
b) Evidence: Refers to information about the origin of the code, such as a URL or a Zone. Such information is either in the assembly or provided by the host in which the assembly is executed.
c) Policies: Define a set of rules that determine the permissions to be granted to assemblies.
d) Permissions: Objects that grant code access to resources and the authority to perform tasks.
e) Principals: Objects that represent both the identity and roles of a user. Every thread or process is associated with a principal. By using role-based security, permissions can be granted and denied according to the identity or the roles of the principal.
A powerful feature of the code access security architecture is that it can evaluate permission demands by walking up the call stack. For example, consider what happens when a method in one assembly calls another assembly and, in this second assembly, a request is made for a particular permission.
It is possible that the evidence presented by the second assembly is enough to obtain the permission. However, it is also possible that the evidence in the first assembly does not grant the permission on request. By default the runtime walks up the call stack to guard against such possibilities.
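The imperative and declarative syntaxes and the default stack walk described above, shown together in an added C# example (not code from the original article). It assumes the .NET Framework; the class name, helper names and the paths under C:\Demo are constructed for illustration, and PermitOnly stands in for a calling assembly whose evidence does not grant the permission.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

static class CasSyntaxDemo
{
    // Constructed sample paths (assumptions, not from the article).
    const string ReportsDir = @"C:\Demo\Reports";
    const string PublicDir = @"C:\Demo\Public";

    // Declarative syntax: the demand is recorded in the method's metadata
    // and evaluated by the runtime before the method body executes.
    [FileIOPermission(SecurityAction.Demand, Read = ReportsDir)]
    static string ReadDeclarative(string fileName)
    {
        return File.ReadAllText(Path.Combine(ReportsDir, fileName));
    }

    // Imperative syntax: build a permission object at run time and demand it.
    // Demand() walks up the call stack and throws SecurityException if any
    // caller lacks the permission.
    static string ReadImperative(string absolutePath)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, absolutePath).Demand();
        return File.ReadAllText(absolutePath);
    }

    // Stands in for the less-trusted "first assembly": PermitOnly limits what
    // this stack frame may pass on to the code it calls.
    static bool RestrictedCallerIsDenied(Func<string> protectedCall)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, PublicDir).PermitOnly();
        try { protectedCall(); return false; }
        catch (SecurityException) { return true; }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main()
    {
        string target = Path.Combine(ReportsDir, "q1.txt");
        Console.WriteLine("imperative denied:  " + RestrictedCallerIsDenied(() => ReadImperative(target)));
        Console.WriteLine("declarative denied: " + RestrictedCallerIsDenied(() => ReadDeclarative("q1.txt")));
    }
}
```

In both calls the demand is raised by trusted code, yet the walk reaches the restricted caller's frame and fails there, so the file is never opened.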