Browse by Tags

Tagged Content List
  • Blog Post: Is CAS dead in .NET 4?

    With all the changes in the security system of .NET 4, the question frequently arises “so, is CAS dead now?”. One of the reasons that this question comes up so frequently, is that the term CAS in the .NET 1 security model was overloaded to refer to many different aspects of the security system: ...
  • Blog Post: CLR v4 Security Policy Roundup

    Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security Policy in the v4 CLR Sandboxing in .NET 4.0 Updating code to work with the new model ...
  • Blog Post: Temporarily re-enabling CAS policy during migration

    Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that security policy is now in the hands of the host and the operating system. While we’ve looked at how to update code that implicitly uses CAS policy , loads assemblies from remote sources , and explicitly...
  • Blog Post: Coding with Security Policy in .NET 4 part 2 – Explicit uses of CAS policy

    Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts with how you write managed code against the v4 .NET Framework.  So far we’ve looked at the implicit uses of CAS policy, such as loading assemblies and creating AppDomains with Evidence and loading...
  • Blog Post: More Implicit Uses of CAS Policy: loadFromRemoteSources

    In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly use CAS policy in their operation (such as Assembly.Load overloads that take an Evidence parameter), and how to migrate code that was using those APIs.   There are another set of assembly loads...
  • Blog Post: CLR 4 Security on Channel 9

    A while back I did an interview with Charles Torre   about the changes to security in CLR v4, and he posted it to the Channel 9 videos site yesterday. I start out talking about the security policy changes I've been covering here over the last week, and then transition into an overview of some of...
  • Blog Post: Visual Studio 10 Security Tab Changes

    Kris Makey, who works on the Visual Studio team, has written up a good blog post about the changes you’ll see on the security tab in Visual Studio 10 when it comes to editing permission sets .  He covers what the changes are, and some of the reasons why we worked with the Visual Studio team to make...
  • Blog Post: Coding with Security Policy in .NET 4.0 – Implicit uses of CAS policy

    Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers exclusively to the host application when setting up sandboxed domains by moving away from the old CAS policy model, and moving instead to simple sandboxed AppDomains. This leads to an interesting situation...
  • Blog Post: Sandboxing in .NET 4.0

    Yesterday I talked about the changes in security policy for managed applications , namely that managed applications will run with full trust - the same as native applications - when you execute them directly. That change doesn’t mean that managed code can no longer be sandboxed however - far from...
  • Blog Post: Security Policy in the v4 CLR

    One of the first changes that you might see to security in the v4 CLR is that we’ve overhauled the security policy system.  In previous releases of the .NET Framework, CAS policy applied to all assemblies loaded into an application (except for in simple sandbox domains ). That lead to a lot of interesting...
  • Blog Post: .NET 4.0 Security

    The first beta of the v4.0 .NET Framework is now available , and with it comes a lot of changes to the CLR's security system. We've updated both the policy and enforcement portions of the runtime in a lot of ways that I'm pretty excited to finally see available. Since there are a lot of security changes...
  • Blog Post: FullTrust on the LocalIntranet

    We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will receive a grant set of FullTrust by default, making...
  • Blog Post: CAS and Native Code

    CAS is complicated enough to understand when all of the moving parts are written in managed code (and therefore have all the associated managed meta-information like grant sets, etc). However, once native code comes into play things can get even more confusing. Let's take a look at how CAS works when...
  • Blog Post: Manifested Controls Redux

    Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks to the manifest control model, so those posts...
  • Blog Post: Transparency as Least Privilege

    In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least privilege . The tool I like to use for least privilege is actually the security transparency model available in v2.0+ of the CLR (and which became the basis of the Silverlight security model ). On the...
  • Blog Post: Avoiding Assembly Level Declarative Security

    I've written in the past about the three assembly level declarative security actions : RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can, and also recommend that others avoid them as well...
  • Blog Post: Bypassing the Authenticode Signature Check on Startup

    A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature . The CLR will attempt to verify the signature at load time to generate Publisher evidence for the assembly. However, by default most applications don't need Publisher evidence. Standard CAS policy...
  • Blog Post: Loading an Assembly as a Byte Array

    One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly as a byte array. The security identity of an assembly loaded this way turns out to be different than if you were to load the same assembly by name or by file. In the case that you load an assembly with...
  • Blog Post: Using the MMC Snap-In to Configure 64 Bit CAS Policy

    The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid using caspol to modify your local security policy. Since each runtime installed on your machine has independent security policy , the MMC Snap-In will only modify policy for the version of the CLR it is running...
  • Blog Post: Tying your IE Hosted Control to a Manifest

    Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your control's permissions declaratively . We also saw how to generate manifests that would state what permissions your control needs (and the rules associated with those manifests). Now it's time to tie it...
  • Blog Post: Manifests for IE Hosted Controls

    Earlier this week,I talked about the Orcas feature where controls can declaratively request permissions in a similar way to ClickOnce applications. In fact, the manifests used for this request are the same manifests used for ClickOnce applications, with a few special requirements added onto them. When...
  • Blog Post: Specifying Permissions for IE Controls in Orcas

    One of my most read blog posts (and one of the reasons I created this blog in the first place -- to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions . If you need to have a managed control run...
  • Blog Post: Enumerating Evidence

    The Evidence class supports being enumerated in three different ways: GetAssemblyEnumerator GetHostEnumerator GetEnumerator The first two are pretty self explanatory, enumerating over the evidence that the assembly supplied itself , or over the evidence supplied by the CLR and it's hosting application...
  • Blog Post: Assembly Provided Evidence

    We all know that the CLR provides many types of evidence to assemblies and AppDomains by default, but one feature of the runtime that's much less known is that assemblies can actually provide evidence of their own. This seems to be one of the best kept secrets in CLR security, the only mention of it...
  • Blog Post: Evidence Must Be Serializable

    The Evidence object acts as a collection for any sort of object that you want to add as evidence for an assembly or AppDomain. (It can get confusing because there is both an Evidence class and objects used as evidence. I'll capitalize the first one to disambiguate between them). Both the AddHost and...
Page 1 of 5 (118 items) 12345