What is Code Access Security?
Code Access Security (CAS) is a security mechanism of the .NET Framework Common Language Runtime (CLR) that restricts which operations managed code may perform, so that code can run with limited privileges.
CAS enforces security policy in the .NET Framework by preventing unauthorized access to protected resources and operations. Unlike traditional security models, which authenticate a user and grant rights based on the user's credentials, CAS addresses the problems that arise when code is obtained from outside sources and contains bugs or security vulnerabilities. Such flaws can leave a user's system exposed to malicious code that performs tasks without the user noticing. CAS permits only the operations that a given piece of code is allowed to perform. This applies to all managed code that targets the CLR.
CAS provides evidence-based security that sits on a level above the security of the Windows operating system. Whereas Windows grants access based on the user's permissions, CAS grants access based on evidence about the assembly. The security policy maps that evidence to the permissions granted to the assembly, and those permissions form the basis for the code to take the actions it needs.
CAS is based on the following elements, among others:
Permissions: the basic rights required to access a protected resource or perform a protected operation.
Permission set: a named collection of permissions, for example 'Full Trust', 'Nothing', 'Internet', 'Local Intranet' and others.
Code group: a logical grouping of code that shares a membership condition, for example LocalIntranet_Zone and Internet_Zone.
Evidence: information about the assembly, such as its application directory, publisher, URL and security zone.
Security policy: a set of rules configured by an administrator that determines the permissions granted to code. Policy is expressed hierarchically at four levels: enterprise, machine, user and application domain.
Code that performs a privileged operation requests one or more permissions from the CLR. The permissions actually granted are computed within each policy level as the union of the permission sets of the code groups whose membership conditions the code satisfies, and the results of the policy levels are then combined. The CLR checks that the requested permissions are contained in the permissions granted to the assembly whose method is executing. If a requested permission has not been granted, a security exception is thrown.
CAS offers two modes for expressing permission requirements in code:
Declarative security is implemented by placing security attributes on an assembly, class or member. The declarative mode is used when the demand must be evaluated at compile time.
Imperative security uses method calls at runtime to create instances of the permission classes. The imperative mode is used when the demand must be evaluated at runtime.
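The two modes side by side, as an added C# example that is not part of the original article. It assumes a .NET Framework project with CAS enforcement (CAS policy is deprecated from .NET Framework 4 and absent from .NET Core and .NET 5+), a compiler that tolerates the resulting obsolescence warnings, and a hypothetical configuration file at C:\AppData\config.txt. The declarative method carries a FileIOPermission attribute that the CLR evaluates before the body runs; the imperative method builds the same permission at runtime and calls Demand(), and the caller shows where the SecurityException described above surfaces.

```csharp
// Added example (not from the original article): declarative vs. imperative
// CAS permission demands. Assumes .NET Framework with CAS enforcement and the
// hypothetical file C:\AppData\config.txt.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public static class CasDemo
{
    // Declarative: the attribute is stored in the method's metadata, so the
    // CLR demands read access to this fixed path before the body executes.
    [FileIOPermission(SecurityAction.Demand, Read = @"C:\AppData\config.txt")]
    public static string ReadConfigDeclarative()
    {
        return File.ReadAllText(@"C:\AppData\config.txt");
    }

    // Imperative: the permission object is constructed at runtime, so the
    // path can be computed. Demand() walks the call stack and throws a
    // SecurityException if any caller has not been granted the permission.
    public static string ReadConfigImperative(string path)
    {
        var perm = new FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath(path));
        perm.Demand();
        return File.ReadAllText(path);
    }

    public static void Main()
    {
        try
        {
            Console.WriteLine(ReadConfigDeclarative().Length);
            Console.WriteLine(ReadConfigImperative(@"C:\AppData\config.txt").Length);
        }
        catch (SecurityException ex)
        {
            // A failed demand surfaces as SecurityException; Demanded names the
            // permission that was refused, which is what a defender wants logged.
            Console.Error.WriteLine("CAS denied: " + ex.Demanded);
        }
        catch (IOException ex)
        {
            Console.Error.WriteLine("I/O failed: " + ex.Message);
        }
    }
}
```

Under a policy that grants the assembly Full Trust both demands succeed; under a restricted permission set such as Internet, which grants no FileIOPermission, both throw SecurityException before any file is read. The imperative form is the one to reach for when the resource is not known until runtime.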
CAS has limitations. An application moved to another system may malfunction if that system's security policy differs. CAS also has no control over unmanaged code, and no control over how applications are developed to cope with the different security settings found on user systems.
To use CAS's fine-grained security effectively, developers should write type-safe code, choose declarative or imperative syntax according to context, request at runtime the permissions the code needs in order to run, and use safe libraries.