.NET Security Blog

Haibo just posted about his debugger visualizer for dynamic methods . This is a pretty sweet piece of code for anyone who uses lightweight code generation and needs to debug the code they've emitted. Basically it adds a visualizer to DynamicMethod objects...

One feature that will start to show up on the latest CTP of Whidbey is test key signing -- basically delay signing++. Lets do a quick review of what delay signing is , and then see where test key signing takes over. Recall a delay signed assembly is one...

Yesterday we looked at what host protection is and what it does. Today lets modify the ADMHost sample code so that it disables access to self affecting and external threading operations. We'll then attempt to run a bit of code that launches 10 threads...

One of our new Whidbey hosting features is called Host Protection -- basically it allows an application hosting the CLR to declare some types of operations off limits for use by hosted code. This is orthogonal to CAS in that CAS allows an administrator...

The annual MSDN Security Issue is now out, in addition to containing my article on hosting untrusted code, it also has one by Mike on What's New With Code Access Security in the .NET Framework 2.0 . We worked to make these two articles fit nicely together...

When I first talked about AppDomainManagers , I mentioned that there were three ways to set them up. You can either setup an environment block, use some registry keys, or use the unmanaged hosting API. In most of my samples so far I've used the environment...

Brian Johnson has a new article on MSDN about New Security Features in Visual Studio 2005 . Definitely worth a read -- he covers a lot of area, from Application Verifier, to ClickOnce, to PermCalc, right on down to unit testing.

Mike and I have been spending time this week meeting with the Visual Developer Security MVPs -- having plenty of discussion about what we can do in future releases of the framework and how CAS relates to some of the rest of Microsoft's products. It's...