.NET Security Blog
If you’re using the CustomAttributeData APIs to examine declarative security permission, you might...
Date: 04/21/2010
With all the changes in the security system of .NET 4, the question frequently arises “so, is CAS...
Date: 02/24/2010
SecAnnotate (available in the final .NET 4 SDK, and in beta form here) can be used to analyze your...
Date: 11/18/2009
One of the design goals of the security transparency system in the CLR is that it should be as...
Date: 11/18/2009
In my last post I talked about the two different security rule sets supported by the v4 CLR. ...
Date: 11/12/2009
Earlier this week, we looked at how the v4 CLR continued the evolution of the security transparency...
Date: 11/11/2009
Now that we know the basics of security transparency, let's look at how it evolved over time. In...
Date: 11/09/2009
Last time we looked at the set of operations that can only be performed by security critical code....
Date: 11/05/2009
One of the biggest changes in the .NET 4 security model is a move toward security transparency as a...
Date: 11/03/2009
Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in...
Date: 06/12/2009
Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that...
Date: 06/12/2009
Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts...
Date: 06/09/2009
In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly...
Date: 06/08/2009
A while back I did an interview with Charles Torre about the changes to security in CLR v4,...
Date: 05/28/2009
Kris Makey, who works on the Visual Studio team, has written up a good blog post about the changes...
Date: 05/28/2009
Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers...
Date: 05/27/2009
Yesterday I talked about the changes in security policy for managed applications, namely that...
Date: 05/22/2009
One of the first changes that you might see to security in the v4 CLR is that we’ve overhauled the...
Date: 05/21/2009
The first beta of the v4.0 .NET Framework is now available, and with it comes a lot of changes to...
Date: 05/20/2009
Over the last week, we've made a couple of updates to our Codeplex projects to add authenticated...
Date: 03/17/2009
Reid Borsuk, an SDE/T on the CLR security team, has released a fully transparent implementation of...
Date: 12/09/2008
The crypto config schema has been a bit of a hot topic around here lately, specifically around how...
Date: 12/02/2008
Earlier this month, we released .NET 3.5 SP 1. One of the new features available in this...
Date: 08/25/2008
The CLR Security Team just launched our CodePlex site: https://www.codeplex.com/clrsecurity. ...
Date: 07/10/2008
Dino Esposito has an article in the March Dr. Dobb's Journal taking a look at the Silverlight...
Date: 07/09/2008
Many managed applications start up slower than they really need to because of time spent verifying...
Date: 05/14/2008
We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default...
Date: 05/12/2008
.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was...
Date: 03/14/2008
CAS is complicated enough to understand when all of the moving parts are written in managed code...
Date: 03/04/2008
WindowsIdentity exposes a Groups property which returns a collection of IdentityReferences for the...
Date: 02/07/2008
Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which...
Date: 01/24/2008
In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least...
Date: 10/30/2007
I've written in the past about the three assembly level declarative security actions:...
Date: 10/02/2007
My third MSDN magazine article, Digging into IDisposable, appeared in this month's issue in the CLR...
Date: 06/20/2007
Over the last week we took a look at the new Silverlight security model. When you're writing a...
Date: 05/14/2007
Over the last few days we've looked at the basics of the CoreCLR security model in Silverlight, and...
Date: 05/11/2007
Yesterday we talked about the CoreCLR security model, and how it is built upon the transparency...
Date: 05/10/2007
You may have heard a thing or two last week about a little project we like to call Silverlight,...
Date: 05/09/2007
A while back I wrote about the performance penalty of loading an assembly with an Authenticode...
Date: 05/07/2007
One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly...
Date: 04/18/2007
Attached is the TemplateControl.control manifest. TemplateControl.control
Date: 03/29/2007
The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid...
Date: 03/15/2007
Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your...
Date: 03/12/2007
Earlier this week,I talked about the Orcas feature where controls can declaratively request...
Date: 03/09/2007
One of my most read blog posts (and one of the reasons I created this blog in the first place -- to...
Date: 03/07/2007
The Evidence class supports being enumerated in three different ways: GetAssemblyEnumerator...
Date: 02/23/2007
We all know that the CLR provides many types of evidence to assemblies and AppDomains by default,...
Date: 02/20/2007
One of the features the CLR team is adding in Orcas is that we're providing a new model to help...
Date: 02/20/2007
We’ve recently discovered a bug in the HMACSHA512 and HMACSHA384 classes which shipped in the .NET...
Date: 01/31/2007
The second elliptic curve algorithm added to Orcas is elliptic curve Diffie-Hellman, as the...
Date: 01/22/2007