Welcome to MSDN Blogs
Sign in
|
Join
|
Help
.NET Security Blog
This Blog
Syndication
RSS 2.0
Atom 1.0
Search
Tags
CAS
ClickOnce
CLR v4
CNG
Cryptography
Debugging
Orcas
Other
Policy
SecAnnotate
Security
Silverlight
SSCLI
StrongName
Transparency
Under the Hood
Visual Studio
Windows
XML
News
Silverlight Security Cheat Sheet
What's New in Security for v2.0
List of CLR Bloggers
Getting Help with your .NET Questions
Archives
November 2009 (7)
June 2009 (4)
May 2009 (6)
March 2009 (1)
December 2008 (2)
August 2008 (1)
July 2008 (2)
May 2008 (2)
March 2008 (2)
February 2008 (1)
January 2008 (1)
October 2007 (2)
June 2007 (1)
May 2007 (5)
April 2007 (1)
March 2007 (4)
February 2007 (3)
January 2007 (5)
December 2006 (2)
November 2006 (3)
October 2006 (5)
September 2006 (2)
August 2006 (1)
July 2006 (6)
June 2006 (6)
May 2006 (7)
April 2006 (7)
March 2006 (6)
February 2006 (7)
January 2006 (9)
December 2005 (7)
November 2005 (8)
October 2005 (8)
September 2005 (11)
August 2005 (7)
July 2005 (8)
June 2005 (4)
May 2005 (10)
April 2005 (6)
March 2005 (10)
February 2005 (9)
January 2005 (10)
December 2004 (10)
November 2004 (11)
October 2004 (12)
September 2004 (10)
August 2004 (10)
July 2004 (10)
June 2004 (11)
May 2004 (7)
April 2004 (14)
March 2004 (21)
February 2004 (12)
January 2004 (3)
December 2003 (1)
November 2003 (5)
October 2003 (1)
June 2003 (2)
Browse by Tags
All Tags
»
Transparency
(RSS)
CAS
CLR v4
Policy
SecAnnotate
Security
Silverlight
Wednesday, November 18, 2009 8:41 AM
Using SecAnnotate to Analyze Your Assemblies for Transparency Violations – An Example
SecAnnotate (available in the final .NET 4 SDK, and in beta form here ) can be used to analyze your assemblies, especially APTCA assemblies in order to find transparency violations without needing code coverage from a test case. Instead, the static analysis
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
CLR v4
,
Transparency
,
SecAnnotate
Attachment(s):
TransparencyAnnotations.xml
Wednesday, November 18, 2009 8:24 AM
SecAnnotate Beta
One of the design goals of the security transparency system in the CLR is that it should be as static as possible and not rely on dynamic state (such as the call stack) to function. A fallout of this is that we can write tools to analyze assemblies and
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
CLR v4
,
Transparency
,
SecAnnotate
Attachment(s):
SecAnnotate.msi
Thursday, November 12, 2009 12:59 PM
Differences Between the Security Rule Sets
In my last post I talked about the two different security rule sets supported by the v4 CLR . At a high level, level 1 is the v2.0 security transparency model, and level 2 encompasses the updated v4 security transparency model. Digging down
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
Silverlight
,
CLR v4
,
Transparency
Wednesday, November 11, 2009 11:24 AM
Transparency Models: A Tale of Two Levels
Earlier this week, we looked at how the v4 CLR continued the evolution of the security transparency model that started in v2 and started evolving with Silverlight in order to make it the primary security enforcement mechanism of the .NET 4 runtime. The
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
CLR v4
,
Transparency
Monday, November 09, 2009 12:23 PM
Transparency as Enforcement in CLR v4
Now that we know the basics of security transparency , let's look at how it evolved over time. In .NET v2.0, many of the transparency rules we previously looked at were in place , with the exception of some of the inheritance rules that were introduced
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
CLR v4
,
Transparency
Thursday, November 05, 2009 9:59 AM
Bridging the Gap Between Transparent and Critical Code
Last time we looked at the set of operations that can only be performed by security critical code . One interesting observation is that just because you are doing one of these operations does not mean that your method in and of itself is security sensitive.
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
CLR v4
,
Transparency
Tuesday, November 03, 2009 9:38 AM
Transparency 101: Basic Transparency Rules
One of the biggest changes in the .NET 4 security model is a move toward security transparency as a primary security enforcement mechanism of the platform. As you'll recall, we introduced security transparency in the v2 release of .NET as more of an audit
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
CLR v4
,
Transparency
Thursday, May 28, 2009 1:30 PM
CLR 4 Security on Channel 9
A while back I did an interview with Charles Torre about the changes to security in CLR v4, and he posted it to the Channel 9 videos site yesterday. I start out talking about the security policy changes I've been covering here over the last week,
Posted by
shawnfa
|
1 Comments
Filed under:
Security
,
CAS
,
Policy
,
CLR v4
,
Transparency
Wednesday, September 21, 2005 10:20 AM
Transparency and Member Visibility
Before PDC we were talking a bit about security transparency, namely what it is and how to use it . We learned the restrictions placed on transparent code which prevents it from elevating the permissions of the call stack, namely: Transparent code cannot
Posted by
shawnfa
|
0 Comments
Filed under:
Security
,
Transparency
Friday, September 09, 2005 9:40 AM
Marking Your Code Transparent
Last week I discussed the concepts of security transparency and security critical code. Now it's time to get into the how-to's Marking an Entire Assembly Critical This is by far the easiest of the operations ... just do nothing [:D]. By default, all assemblies
Posted by
shawnfa
|
8 Comments
Filed under:
Security
,
Transparency
Wednesday, August 31, 2005 2:04 PM
When the Opposite of Transparent isn't Opaque
When you provide an assembly that will be called by partially trusted callers, you need to make sure that you do a thorough security audit of that assembly -- especially if it’s an APTCA assembly. One of the primary reasons this security review is required
Posted by
shawnfa
|
5 Comments
Filed under:
Security
,
CAS
,
Transparency
