March 04, 2004

More on .NET Code Access Security

I’ve been doing a lot of reading on .NET Code Access Security (CAS) lately, which is the new security model for .NET. CAS represents a stark contrast to traditional Windows permissions, which are based on the permissions of the user rather than on the code that is running.

Most developers log into their machines as Administrators since that’s the only way to get anything done! For instance, it’s the only way that you can install software, the only way you can adjust system-wide settings and, most unfortunately, the only way most Windows programs work properly! My kids have their own computer, an older machine I’ve been keeping healthy over the years. I’ll be damned if I can find a single kid’s game that works properly out of the box while running as a non-privileged user.

If you are a skilled Windows user, you may be aware that you can run a program as an Administrator even when your regular user account is non-privileged. The steps are documented in the online documentation for Windows XP Professional. Personally, I don’t have the guts to try running my day as a non-privileged user. I tried it a few times and I nearly pulled out my hair.

Despite the limitations imposed on non-privileged users, they still have full access to their profile and they can write to most areas of their hard drive (excluding areas owned by other users and the system areas). Thus, under the Windows security model, any program that you launch as a non-privileged user runs with all of your permissions and can still do things that you or your system administrator may not want it to do.

A good example of a situation where a program should have a subset of a user’s permissions is a financial application that displays sensitive information to the user. The administrators may want to prevent the application from printing, writing to files, allowing itself to be screen captured, using the clipboard, etc.

Obviously a programmer can omit these features, but will the administrator believe them? Probably, but that’s another problem entirely ;-)

Microsoft seems to have nailed a far better approach to this problem. Under .NET CAS, the administrator can define rules of use on the enterprise level, the machine level, or the user level.

The rules are extensive! Here is a taste of the types of permissions you can grant or deny to an application:

  • Writing to a file, a directory, or a network share
  • Opening top-level windows, dialogs
  • Access to domain resources
  • Ability to establish network connections
  • Web access
  • Reflection
  • Printing
  • Use of the clipboard
  • and much more!

Applications are classified by membership in something called a code group. A code group’s membership condition can be defined in a few ways: by the directory the code lives in, the presence of a particular hash, the presence of a strong name, etc.

When an application starts, the security system looks at the zone the application was launched from, the directory the application started in, the presence of a hash, the presence of a strong name, etc. The security system gathers all of this “evidence” and determines the appropriate code group for the application. A set of permissions (called, you guessed it, a permission set) is associated with each code group. The permission set thus defines everything that the application is allowed to do.
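To make the evidence / code group / permission set chain concrete, here is a small C# console program. It is an added example written for this post, not code from Microsoft or from the articles mentioned below, and it assumes the .NET Framework 1.x or 2.x (CAS policy was deprecated in .NET Framework 4 and does not exist in .NET Core and later). It first dumps the evidence the runtime collected for the assembly (the same evidence a code group’s membership condition is matched against), then builds a permission set like the one the “financial application” above would get (read-only file access to its own directory, no clipboard, safe top-level windows only) and applies it with PermitOnly so you can watch a file write get refused. The file name cas-demo.txt and the class name CasDemo are my own choices.

```csharp
// Added example (not from the original post): evidence, a restricted
// permission set, and the effect of that set on a file write.
// Assumes .NET Framework 1.x/2.x; CAS policy is absent from .NET Core.
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class CasDemo
{
    // Print the evidence the runtime gathered for this assembly
    // (Zone, Url, Hash, StrongName ...). Code-group membership
    // conditions are evaluated against exactly these objects.
    static void DumpEvidence()
    {
        Evidence ev = Assembly.GetExecutingAssembly().Evidence;
        foreach (object item in ev)
        {
            Zone z = item as Zone;
            if (z != null)
                Console.WriteLine("Evidence: Zone = " + z.SecurityZone);
            else
                Console.WriteLine("Evidence: " + item.GetType().Name);
        }
    }

    // Build a permission set resembling the financial-app case:
    // read the application's own directory, no file writes,
    // no clipboard, and only "safe" top-level windows.
    static PermissionSet BuildRestrictedSet(string readOnlyDir)
    {
        PermissionSet ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, readOnlyDir));
        ps.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows,
                                          UIPermissionClipboard.NoClipboard));
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return ps;
    }

    // Attempt a file write. File.CreateText demands FileIOPermission
    // (Write) for the path; if the current permission set does not
    // include it, the stack walk throws SecurityException.
    static bool TryWrite(string path)
    {
        try
        {
            using (StreamWriter w = File.CreateText(path))
                w.WriteLine("hello from CAS demo");
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    static void Main()
    {
        DumpEvidence();

        // Resolve paths before restricting ourselves: these calls need
        // permissions (environment, path discovery) the restricted set lacks.
        string appDir = AppDomain.CurrentDomain.BaseDirectory;
        string target = Path.Combine(Path.GetTempPath(), "cas-demo.txt");

        bool unrestricted = TryWrite(target);

        // PermitOnly limits this frame and everything it calls to the
        // given set, regardless of what policy granted the assembly.
        BuildRestrictedSet(appDir).PermitOnly();
        bool restricted = TryWrite(target);
        CodeAccessPermission.RevertPermitOnly();

        Console.WriteLine("Write with full trust:     " + unrestricted); // true on a local, fully trusted build
        Console.WriteLine("Write under restricted set: " + restricted);   // false: Write was not permitted
    }
}
```

PermitOnly is an in-process stand-in for what the administrator achieves through policy: when the configuration utility below assigns a permission set to a code group, the runtime enforces it the same way, by walking the call stack on every demand. The practical consequence for the developer is that code which is genuinely trustworthy should declare what it needs (for instance a FileIOPermission demand for the single directory it reads) so that a failure under a tight policy shows up as a clear SecurityException at the point of use rather than as a mysterious crash later on.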

If you have the .NET Framework installed, you can launch the .NET Configuration Utility (Control Panel | Administrative Tools | Microsoft .NET Framework 1.x Configuration) and look at the different types of evidence available. You can also look at the rich set of permissions that can be used.

The Code Project has a good article titled Code Access Security from the perspective of the Developer and Administrator.

This article kind of inspired this post. It explains what Code Access Security is and how developers and administrators should look at CAS.

I recommend that reading in addition to the excellent webcast by software legend Juval Löwy (as previously noted in this blog).

Finally, I watched an MSDN TV episode on CAS starring Matt Lyons.

Posted by Nick Codignotto at March 4, 2004 10:12 PM
Posted to Programming