Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Declarative Security and Reflection
If you’re using the CustomAttributeData APIs to examine declarative security permission, you might...
Date: 04/21/2010
Is CAS dead in .NET 4?
With all the changes in the security system of .NET 4, the question frequently arises “so, is CAS...
Date: 02/24/2010
Using SecAnnotate to Analyze Your Assemblies for Transparency Violations – An Example
SecAnnotate (available in the final .NET 4 SDK, and in beta form here) can be used to analyze your...
Date: 11/18/2009
SecAnnotate Beta
One of the design goals of the security transparency system in the CLR is that it should be as...
Date: 11/18/2009
Differences Between the Security Rule Sets
In my last post I talked about the two different security rule sets supported by the v4 CLR. ...
Date: 11/12/2009
Transparency Models: A Tale of Two Levels
Earlier this week, we looked at how the v4 CLR continued the evolution of the security transparency...
Date: 11/11/2009
Transparency as Enforcement in CLR v4
Now that we know the basics of security transparency, let's look at how it evolved over time. In...
Date: 11/09/2009
Bridging the Gap Between Transparent and Critical Code
Last time we looked at the set of operations that can only be performed by security critical code....
Date: 11/05/2009
Transparency 101: Basic Transparency Rules
One of the biggest changes in the .NET 4 security model is a move toward security transparency as a...
Date: 11/03/2009
CLR v4 Security Policy Roundup
Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in...
Date: 06/12/2009
Temporarily re-enabling CAS policy during migration
Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that...
Date: 06/12/2009
Coding with Security Policy in .NET 4 part 2 – Explicit uses of CAS policy
Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts...
Date: 06/09/2009
More Implicit Uses of CAS Policy: loadFromRemoteSources
In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly...
Date: 06/08/2009
CLR 4 Security on Channel 9
A while back I did an interview with Charles Torre about the changes to security in CLR v4,...
Date: 05/28/2009
Visual Studio 10 Security Tab Changes
Kris Makey, who works on the Visual Studio team, has written up a good blog post about the changes...
Date: 05/28/2009
Coding with Security Policy in .NET 4.0 – Implicit uses of CAS policy
Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers...
Date: 05/27/2009
Sandboxing in .NET 4.0
Yesterday I talked about the changes in security policy for managed applications, namely that...
Date: 05/22/2009
Security Policy in the v4 CLR
One of the first changes that you might see to security in the v4 CLR is that we’ve overhauled the...
Date: 05/21/2009
.NET 4.0 Security
The first beta of the v4.0 .NET Framework is now available, and with it comes a lot of changes to...
Date: 05/20/2009
Authenticated Symmetric Encryption in .NET
Over the last week, we've made a couple of updates to our Codeplex projects to add authenticated...
Date: 03/17/2009
MD5 on Silverlight
Reid Borsuk, an SDE/T on the CLR security team, has released a fully transparent implementation of...
Date: 12/09/2008
CryptoConfig
The crypto config schema has been a bit of a hot topic around here lately, specifically around how...
Date: 12/02/2008
Using RSACryptoServiceProvider for RSA-SHA256 signatures
Earlier this month, we released .NET 3.5 SP 1. One of the new features available in this...
Date: 08/25/2008
CLR Security Team CodePlex Site
The CLR Security Team just launched our CodePlex site: https://www.codeplex.com/clrsecurity. ...
Date: 07/10/2008
Dr. Dobbs Looks at Silverlight Security
Dino Esposito has an article in the March Dr. Dobb's Journal taking a look at the Silverlight...
Date: 07/09/2008
Strong Name Bypass
Many managed applications start up slower than they really need to because of time spent verifying...
Date: 05/14/2008
FullTrust on the LocalIntranet
We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default...
Date: 05/12/2008
Disabling the FIPS Algorithm Check
.NET 2.0 introduced a check for FIPS certified algorithms if your local security policy was...
Date: 03/14/2008
CAS and Native Code
CAS is complicated enough to understand when all of the moving parts are written in managed code...
Date: 03/04/2008
Which Groups Does WindowsIdentity.Groups Return?
WindowsIdentity exposes a Groups property which returns a collection of IdentityReferences for the...
Date: 02/07/2008
Manifested Controls Redux
Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which...
Date: 01/24/2008
Transparency as Least Privilege
In my last post I mentioned that there is a better alternative to RequestRefuse for achieving least...
Date: 10/30/2007
Avoiding Assembly Level Declarative Security
I've written in the past about the three assembly level declarative security actions:...
Date: 10/02/2007
CLR Inside Out: Digging into IDisposable
My third MSDN magazine article, Digging into IDisposable, appeared in this month's issue in the CLR...
Date: 06/20/2007
Silverlight Security Cheat Sheet
Over the last week we took a look at the new Silverlight security model. When you're writing a...
Date: 05/14/2007
Silverlight Security III: Inheritance
Over the last few days we've looked at the basics of the CoreCLR security model in Silverlight, and...
Date: 05/11/2007
Silverlight Security II: What Makes a Method Critical
Yesterday we talked about the CoreCLR security model, and how it is built upon the transparency...
Date: 05/10/2007
The Silverlight Security Model
You may have heard a thing or two last week about a little project we like to call Silverlight,...
Date: 05/09/2007
Bypassing the Authenticode Signature Check on Startup
A while back I wrote about the performance penalty of loading an assembly with an Authenticode...
Date: 05/07/2007
Loading an Assembly as a Byte Array
One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly...
Date: 04/18/2007
TemplateControl.control
Attached is the TemplateControl.control manifest. TemplateControl.control
Date: 03/29/2007
Using the MMC Snap-In to Configure 64 Bit CAS Policy
The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid...
Date: 03/15/2007
Tying your IE Hosted Control to a Manifest
Last week, I talked about the Orcas feature which allows you to provide a manifest to elevate your...
Date: 03/12/2007
Manifests for IE Hosted Controls
Earlier this week,I talked about the Orcas feature where controls can declaratively request...
Date: 03/09/2007
Specifying Permissions for IE Controls in Orcas
One of my most read blog posts (and one of the reasons I created this blog in the first place -- to...
Date: 03/07/2007
Enumerating Evidence
The Evidence class supports being enumerated in three different ways: GetAssemblyEnumerator...
Date: 02/23/2007
Assembly Provided Evidence
We all know that the CLR provides many types of evidence to assemblies and AppDomains by default,...
Date: 02/20/2007
Introduction to the Orcas Add-In Model
One of the features the CLR team is adding in Orcas is that we're providing a new model to help...
Date: 02/20/2007
Please do not use the .NET 2.0 HMACSHA512 and HMACSHA384 Classes
We’ve recently discovered a bug in the HMACSHA512 and HMACSHA384 classes which shipped in the .NET...
Date: 01/31/2007
Elliptic Curve Diffie-Hellman
The second elliptic curve algorithm added to Orcas is elliptic curve Diffie-Hellman, as the...
Date: 01/22/2007