1 / 9

Chapter 7. Permissions

Chapter 7. Permissions. Programming .Net Security, O’Reilly Publishers. Granting Permissions. CAS: Code Access Security Method 1: Map: Evidence to grants Types of evidence: Application directory, hash value of the assembly, publisher, site, URL, Internet explorer security zone

seth-johnston
Download Presentation

Chapter 7. Permissions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 7. Permissions Programming .Net Security, O’Reilly Publishers

  2. Granting Permissions • CAS: Code Access Security • Method 1: Map: Evidence to grants • Types of evidence: Application directory, hash value of the assembly, publisher, site, URL, Internet explorer security zone • Method 2: Identity permissions

  3. Requesting Permissions • Request for minimum permissions: assembly is not loaded if these are not possible • Requesting optional permissions (in addition to the minimum): assembly is loaded but it is up to the assembly to handle situations where it does not have • Refusing permissions: Permissions that a runtime must never grant

  4. Permission Types • Code access permissions: To represent actions and resoirces that are subject to security control E.g., System.Data.Common, System.Data.Odbc, System.Diagnsotics, System.DirectoryServices, Syste.Drawing.Printing, System.Net, System.Security.Permissions, etc.

  5. Identity permissions: Represent certain types of host evidence an assembly presents to the runtime at load time. • Types: Publisher, Site, StringName, Url, Zone • Examples: To allow any code from the Local Intranet security zone to access your method • To run your application only if it is executed from the website www.cs.odu.edu

  6. Enforcing Code-access Security • When loading an assembly, the .Net runtime evaluates an assembly, and determines what permissions to grant. A permissions object is created and assigned to the assembly. • When the application calls for system service such as deleting a file, the delete method creates a FileIoPermission object that describes permissions needed to carry out the requested operation. • Runtime checks the application’s permissions with those required. Answer is either a confirmation to the called method or an exception.

  7. Stack Walks • In case there is a chain of threads that resulted in a final call to the method, run time checks the permissions of all the threads involved in the call, not just the one that last called. • It walks up the stack, from the most recent to the least recent

  8. Overriding a Stack walk • Assert: A layer vouches for all layers above it • Eny: Opposite of assert • PermitOnly: similar to dent but lets it limit the permissions

  9. Security Statement Syntax • Imperative security statements---appear in the body of programmer’s methods and functions and are hence part of the code in the assembly • These can be used in conjunction with the normal program control constructs such as conditional and iterative statements • Declarative security statements: Expressed using attributes which are compiled to form an assembly’s metadata

More Related