CLR v4 Security Policy Roundup
Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security...
View ArticleTransparency 101: Basic Transparency Rules
One of the biggest changes in the .NET 4 security model is a move toward security transparency as a primary security enforcement mechanism of the platform. As you’ll recall, we introduced security...
View ArticleBridging the Gap Between Transparent and Critical Code
Last time we looked at the set of operations that can only be performed by security critical code. One interesting observation is that just because you are doing one of these operations does not mean...
View ArticleTransparency as Enforcement in CLR v4
Now that we know the basics of security transparency, let’s look at how it evolved over time. In .NET v2.0, many of the transparency rules we previously looked at were in place, with the exception of...
View ArticleTransparency Models: A Tale of Two Levels
Earlier this week, we looked at how the v4 CLR continued the evolution of the security transparency model that started in v2 and started evolving with Silverlight in order to make it the primary...
View ArticleDifferences Between the Security Rule Sets
In my last post I talked about the two different security rule sets supported by the v4 CLR. At a high level, level 1 is the v2.0 security transparency model, and level 2 encompasses the updated v4...
View ArticleSecAnnotate Beta
One of the design goals of the security transparency system in the CLR is that it should be as static as possible and not rely on dynamic state (such as the call stack) to function. A fallout of this...
View ArticleUsing SecAnnotate to Analyze Your Assemblies for Transparency Violations – An...
SecAnnotate (available in the final .NET 4 SDK, and in beta form here) can be used to analyze your assemblies, especially APTCA assemblies in order to find transparency violations without needing code...
View ArticleIs CAS dead in .NET 4?
With all the changes in the security system of .NET 4, the question frequently arises “so, is CAS dead now?”. One of the reasons that this question comes up so frequently, is that the term CAS in the...
View ArticleDeclarative Security and Reflection
If you’re using the CustomAttributeData APIs to examine declarative security permission, you might notice that the returned information looks a little strange. The CustomAttributeData object that...
View Article