.NET Security Blog

What can an ApplicationTrust tell us about an AppDomain
Posted over 8 years ago by shawnfa | 0 Comments
In v2.0, there is a new ApplicationTrust property on the AppDomain class. This property will be non-null in two conditions: your application is a ClickOnce application, or your code is running in a simple sandbox domain. In the ClickOnce case,...

Comments in the blog
Posted over 8 years ago by shawnfa | 0 Comments
Eric just pointed out to me that no comments appear to be showing up in my blog recently. I had switched on moderation for anonymous users, and for some reason the notification email stopped being sent to me. I've gone through the backlog of comments...

Adding SignatureProperties to SignedXml
Posted over 8 years ago by shawnfa | 3 Comments
One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature. SignatureProperties allow the signer to place some metadata into the signature itself, such as the time...

Debugging Lightweight CodeGen in VS
Posted over 8 years ago by shawnfa | 0 Comments
Haibo just posted about his debugger visualizer for dynamic methods. This is a pretty sweet piece of code for anyone who uses lightweight code generation and needs to debug the code they've emitted. Basically it adds a visualizer to DynamicMethod objects...

Test Key Signing
Posted over 8 years ago by shawnfa | 10 Comments
One feature that will start to show up on the latest CTP of Whidbey is test key signing -- basically delay signing++. Let's do a quick review of what delay signing is, and then see where test key signing takes over. Recall a delay signed assembly is one...

Using Host Protection
Posted over 8 years ago by shawnfa | 4 Comments
Yesterday we looked at what host protection is and what it does. Today let's modify the ADMHost sample code so that it disables access to self-affecting and external threading operations. We'll then attempt to run a bit of code that launches 10 threads...

Host Protection
Posted over 8 years ago by shawnfa | 5 Comments
One of our new Whidbey hosting features is called Host Protection -- basically it allows an application hosting the CLR to declare some types of operations off limits for use by hosted code. This is orthogonal to CAS in that CAS allows an administrator...

MSDN Security Issue
Posted over 8 years ago by shawnfa | 0 Comments
The annual MSDN Security Issue is now out. In addition to containing my article on hosting untrusted code, it also has one by Mike on What's New With Code Access Security in the .NET Framework 2.0. We worked to make these two articles fit nicely together...

Exploring the ADMHost Sample
Posted over 8 years ago by shawnfa | 0 Comments
When I first talked about AppDomainManagers, I mentioned that there were three ways to set them up. You can either set up an environment block, use some registry keys, or use the unmanaged hosting API. In most of my samples so far I've used the environment...

New Security Features in Visual Studio 2005
Posted over 8 years ago by shawnfa | 0 Comments
Brian Johnson has a new article on MSDN about New Security Features in Visual Studio 2005. Definitely worth a read -- he covers a lot of area, from Application Verifier, to ClickOnce, to PermCalc, right on down to unit testing.

Tour the CLR Security Team
Posted over 8 years ago by shawnfa | 0 Comments
Mike and I have been spending time this week meeting with the Visual Developer Security MVPs -- having plenty of discussion about what we can do in future releases of the framework and how CAS relates to some of the rest of Microsoft's products. It's...

Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0
Posted over 8 years ago by shawnfa | 12 Comments
The MSDN Magazine site just put up my article, Do You Trust It? Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0, as a preview of their November security issue. In the article I cover various techniques for safely...

Transparency and Member Visibility
Posted over 8 years ago by shawnfa | 0 Comments
Before PDC we were talking a bit about security transparency, namely what it is and how to use it. We learned the restrictions placed on transparent code which prevent it from elevating the permissions of the call stack, namely: Transparent code...

Using Add-Ins with a ClickOnce Deployed Application
Posted over 8 years ago by shawnfa | 7 Comments
One of the attendees at the PDC had an interesting question combining ClickOnce and Add-Ins. Basically, his application was being deployed with ClickOnce, and was running without elevating its privileges beyond the Internet zone [fan-tastic :-)]. The...

RequestOptional Removes Permissions
Posted over 8 years ago by shawnfa | 1 Comments
Another interesting question arose today. An assembly was granted FullTrust by policy, which was confirmed by CasPol. Yet it was being prevented from calling code in non-APTCA assemblies. Turns out that the code in question had an assembly level RequestOptional...

Creating Partial Trust Directories
Posted over 8 years ago by shawnfa | 2 Comments
Last night at the Writing Partial Trust Code BoF, someone was wondering if they could create a sort of download sandbox on their machine. The problem that we're trying to solve is to be able to save code to the local machine from the browser instead of...

PDC '05: Quote of the Day
Posted over 8 years ago by shawnfa | 1 Comments
The day's winding down now, and I'm getting ready to head to Keith's BoF's Writing Secure Code and Writing Partially Trusted Code. Before taking off, here's the quote of the day from PDC: "The two things that are helping .NET really take off are the...

PDC '05: Lunch with Apple
Posted over 8 years ago by shawnfa | 1 Comments
Just got back from lunch with a group from Apple. After checking the rule book, it turns out that no physical laws would be violated by having Apple and Microsoft so close together, and thankfully there was no matter-antimatter reaction :-). They were...

PDC '05: Let There Be Light
Posted over 8 years ago by shawnfa | 0 Comments
After spending the beginning of the morning in the Fundamentals Lounge, I went up to see Keith during the intermission of his Art of Secure Coding and to let him know that Mike and I would swing by his BOF's tomorrow. Afterwards, we grabbed some lunch...

PDC '05: Developer Powered
Posted over 8 years ago by shawnfa | 0 Comments
I'll be heading down to Los Angeles this Sunday to take part in my first PDC. I'm going to spend most of my time in the Fundamentals Track Lounge. I'll also be celebrating my birthday at the Ask the Experts on Thursday from 6:30-9:00 (and hopefully celebrating...

Marking Your Code Transparent
Posted over 8 years ago by shawnfa | 8 Comments
Last week I discussed the concepts of security transparency and security critical code. Now it's time to get into the how-to's. Marking an Entire Assembly Critical: This is by far the easiest of the operations ... just do nothing [:D]. By default...

IronPython + MDbg = good times
Posted over 8 years ago by shawnfa | 3 Comments
Mike Stall recently completed a project to embed IronPython into the MDbg debugger as an MDbg extension. IronPython's hosting interface is pretty slick, in fact it took Mike only 10 steps to get IronPython running inside MDbg and expose the debugger functionality...

When the Opposite of Transparent isn't Opaque
Posted over 8 years ago by shawnfa | 5 Comments
When you provide an assembly that will be called by partially trusted callers, you need to make sure that you do a thorough security audit of that assembly -- especially if it’s an APTCA assembly. One of the primary reasons this security review is required...

Getting Help with your .NET Questions
Posted over 8 years ago by shawnfa | 6 Comments
Recently I've been getting a lot of email from this blog asking for help with various problems. Although I'd love to help out, I don't have the time to address each mail directly. In fact, most of the problems I (and other members of the CLR team I've...

What's New in Security for v2.0
Posted over 8 years ago by shawnfa | 10 Comments
There's a ton of new and enhanced security features coming with the v2.0 release of the CLR. However, finding a definitive list of them all can be a somewhat challenging task. Dominick Baier has an excellent slide deck detailing some of the changes and...