Code Identity

Application Development Using Visual Basic and .NET
By Robert J. Oberg, Peter Thorsteinson, Dana L. Wyatt
Chapter 16.  Security


Identity permissions describe the characteristics by which a particular assembly can be identified: a signed assembly's strong name, for example, or the Web site the assembly came from. The CLR grants them from the evidence presented to the assembly loader, either gathered by the loader itself or supplied by a trusted host.

Identity Permission Classes

To identify running code, there are several identity permission classes.

  • PublisherIdentityPermission models the software publisher's digital signature.

  • SiteIdentityPermission models the Web site where code originated.

  • StrongNameIdentityPermission models the strong name of an assembly.

  • ZoneIdentityPermission models the zone where the code originated.

  • UrlIdentityPermission models the URL, including the protocol, where the code originated.

These identity permissions represent evidence, the input that security policy evaluates: they say where code came from and who signed it, not what resources it may use. It is important to recognize that identity permissions are not code access permissions. A library demands an identity permission to restrict which callers may reach it; holding one grants no access to files, the network, or any other resource.

Evidence

Security policy is based on a set of rules that administrators can establish. The .NET security system can use those rules to enforce the security policy. The evidence, represented by the identity permissions, is used to determine which security policy to apply.

The AppDomain class has a method ExecuteAssembly that loads an assembly and runs its entry point. One of the overloads takes an Evidence object as an argument. The Evidence class is a collection of objects that represent the identity of the assembly, and it is this collection that the CLR evaluates when it makes security policy decisions for the assembly.

The Evidence example illustrates this. It gets the collection of evidence associated with a strongly named assembly and prints the associated values. The example assumes the default Option Strict Off setting only for the casts, which are written explicitly here so it also compiles with Option Strict On.

Imports System
Imports System.Collections
Imports System.Security.Policy

' Enumerate the evidence the CLR gathered for the running assembly and
' print the value carried by each evidence type we recognize.
Dim ev As Evidence = AppDomain.CurrentDomain.Evidence
Dim iEnum As IEnumerator = ev.GetEnumerator()
Dim bNext As Boolean
Console.WriteLine( _
   "Evidence Enumerator has {0} members", ev.Count)
bNext = iEnum.MoveNext()
While bNext = True
   Dim x As Object = iEnum.Current
   Dim t As Type = x.GetType()
   Console.WriteLine(t.ToString())
   If TypeOf x Is Zone Then
      ' Zone evidence: MyComputer, Intranet, Internet, Trusted or Untrusted
      Dim zone As Zone = CType(x, Zone)
      Console.WriteLine("   " + zone.SecurityZone.ToString())
   ElseIf TypeOf x Is Url Then
      ' Url evidence: the location the assembly was loaded from
      Dim url As Url = CType(x, Url)
      Console.WriteLine("   " + url.Value)
   ElseIf TypeOf x Is Hash Then
      ' Hash evidence: digests of the assembly file, computed by the CLR.
      ' Each byte is written as a decimal number with no separator, which
      ' is what the output below shows; b.ToString("x2") would give hex.
      Dim hash As Hash = CType(x, Hash)
      Dim md5Hash() As Byte = hash.MD5
      Dim sha1Hash() As Byte = hash.SHA1
      Dim i As Integer
      Console.WriteLine("    MD5 Hash of Assembly:")
      Console.Write("      ")
      For i = 0 To md5Hash.Length - 1
         Console.Write(md5Hash(i))
      Next
      Console.WriteLine()
      Console.WriteLine("    SHA1 Hash of Assembly:")
      Console.Write("      ")
      For i = 0 To sha1Hash.Length - 1
         Console.Write(sha1Hash(i))
      Next
      Console.WriteLine()
   ElseIf TypeOf x Is StrongName Then
      ' StrongName evidence: simple name, version and public key of a
      ' signed assembly; an unsigned assembly has no StrongName evidence
      Dim sn As StrongName = CType(x, StrongName)
      Console.WriteLine( _
         "    StrongName of Assembly is: {0} " & _
         "version: {1}", sn.Name, sn.Version)
      Console.WriteLine("    Assembly public key:")
      Console.Write("        ")
      Console.WriteLine(sn.PublicKey.ToString())
   End If
   bNext = iEnum.MoveNext()
End While

The example's output would look something like this:

Evidence Enumerator has 4 members
System.Security.Policy.Zone
   MyComputer
System.Security.Policy.Url
   file://C:/OI/NetVB/Chap16/Evidence/bin/Evidence.exe
System.Security.Policy.StrongName
    StrongName of Assembly is: Evidence version: 1.0.808.39413
    Assembly public key:
        0024000004800000940...5EA897BA
System.Security.Policy.Hash
    MD5 Hash of Assembly:
      5934823522219523214999128165198908214168
    SHA1 Hash of Assembly:
      1592378069174985489611742512062371931814814718180

The Zone evidence for this assembly is MyComputer, and the Url evidence is the file location on disk; the CLR derives both from where the assembly was loaded. The Hash evidence gives the MD5 and SHA-1 digests of the assembly file (printed above as unseparated decimal byte values), so it identifies one exact binary and changes with every rebuild. The StrongName evidence gives the simple name, version and public key that together make the assembly name unique. Note that MD5 is no longer collision resistant and SHA-1 is deprecated for the same reason, so treat hash evidence as a way to recognize a known binary rather than as proof against a deliberately substituted one.

Some of this evidence is convertible to the associated identity permission. For example, the Zone class has a CreateIdentityPermission method (its implementation of the IIdentityPermissionFactory interface) that returns an IPermission representing the ZoneIdentityPermission for this piece of evidence. The Url, Site, StrongName and Publisher classes have similar methods. Hash does not, since there is no hash identity permission; hash evidence is matched directly by policy instead.
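The following VB.NET module is an added example and not code from the book. It walks the current domain's evidence, asks each evidence object that implements IIdentityPermissionFactory for its identity permission, and then shows the two ways identity permissions are actually used: comparing a requirement against the derived ZoneIdentityPermission with IsSubsetOf, and demanding one so that only code from a given zone can proceed. The requirement chosen (code must come from the MyComputer zone) and the module name are assumptions made for the example.

```vb
Imports System
Imports System.Security
Imports System.Security.Policy
Imports System.Security.Permissions

Module IdentityFromEvidence

   ' Return the identity permission a piece of evidence maps to, or Nothing
   ' for evidence types such as Hash that have no identity permission.
   Function ToIdentityPermission(ByVal e As Object, ByVal ev As Evidence) As IPermission
      If TypeOf e Is IIdentityPermissionFactory Then
         Dim factory As IIdentityPermissionFactory = _
            CType(e, IIdentityPermissionFactory)
         Return factory.CreateIdentityPermission(ev)
      End If
      Return Nothing
   End Function

   ' True when the Zone evidence in ev satisfies the required zone, that is,
   ' when the required ZoneIdentityPermission is a subset of the permission
   ' derived from the evidence. Evidence without a Zone satisfies nothing.
   Function SatisfiesZone(ByVal ev As Evidence, ByVal required As SecurityZone) As Boolean
      Dim requiredPerm As New ZoneIdentityPermission(required)
      Dim e As Object
      For Each e In ev
         If TypeOf e Is Zone Then
            Dim granted As ZoneIdentityPermission = _
               CType(ToIdentityPermission(e, ev), ZoneIdentityPermission)
            Return requiredPerm.IsSubsetOf(granted)
         End If
      Next
      Return False
   End Function

   Sub Main()
      Dim ev As Evidence = AppDomain.CurrentDomain.Evidence
      Dim e As Object
      For Each e In ev
         Dim p As IPermission = ToIdentityPermission(e, ev)
         If p Is Nothing Then
            Console.WriteLine("{0}: no identity permission", e.GetType().Name)
         Else
            Console.WriteLine("{0} -> {1}", e.GetType().Name, p.GetType().Name)
         End If
      Next

      ' For an assembly run from a local disk the first line is True and the
      ' second False, because Internet is not a subset of MyComputer.
      Console.WriteLine("Satisfies MyComputer: {0}", _
         SatisfiesZone(ev, SecurityZone.MyComputer))
      Console.WriteLine("Satisfies Internet:   {0}", _
         SatisfiesZone(ev, SecurityZone.Internet))

      ' Demanding an identity permission is how a library restricts its
      ' callers by origin rather than by resource: every assembly on the
      ' call stack must carry the identity or a SecurityException is thrown.
      Try
         Dim demand As New ZoneIdentityPermission(SecurityZone.MyComputer)
         demand.Demand()
         Console.WriteLine("ZoneIdentityPermission(MyComputer) demand succeeded")
      Catch ex As SecurityException
         Console.WriteLine("Demand failed: " & ex.Message)
      End Try
   End Sub

End Module
```

Two caveats apply when reading this against later runtimes. From .NET Framework 2.0 on, a demand for an identity permission always succeeds when the calling assembly is fully trusted, so such a demand only constrains partially trusted callers; and from .NET Framework 4 on, code access security policy is disabled, so evidence no longer drives the grant set at all. Under the 1.x runtime the book describes, the demand behaves as shown.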

Another way of looking at the identity permissions is that they answer a series of questions:

  • Who published (signed) it?

  • What is the name of the assembly?

  • What Web site or URL did it come from?

  • What zone did the code originate from?

The creator of the application domain (the host) can also provide evidence by passing in an Evidence collection when ExecuteAssembly is called. Because the policy decision for the loaded assembly is made from that evidence, any code that can supply it could make untrusted code look as if it came from the local machine; that is why the calling code must hold SecurityPermission with the ControlEvidence flag. The CLR itself is also trusted to add evidence, which is reasonable, since it is the component that enforces the security policy. Evidence is extensible: you can define your own evidence types and use them in customized security policies.
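The following VB.NET module is an added example, not code from the book, of a host supplying evidence the way this paragraph describes. It builds an Evidence collection that claims the assembly came from the Internet zone and a particular Web site, demands ControlEvidence explicitly so a missing grant fails early, and then runs the assembly in a separate application domain under that evidence. The module name, the placeholder URL and site, and the convention that the assembly path is the first command-line argument are all assumptions made for the example.

```vb
Imports System
Imports System.Security
Imports System.Security.Policy
Imports System.Security.Permissions

Module EvidenceHost

   ' Build host-supplied evidence that makes policy treat the assembly as if
   ' it had been downloaded from the given zone and URL, whatever its real
   ' location on disk. AddHost marks the entries as asserted by the host,
   ' which is the evidence policy evaluates.
   Function MakeRemoteEvidence(ByVal securityZone As SecurityZone, _
                               ByVal url As String, ByVal site As String) As Evidence
      Dim ev As New Evidence()
      ev.AddHost(New Zone(securityZone))
      ev.AddHost(New Url(url))
      ev.AddHost(New Site(site))
      Return ev
   End Function

   ' Run the assembly at assemblyPath in its own AppDomain under the supplied
   ' evidence. Passing an Evidence argument to ExecuteAssembly requires
   ' SecurityPermission with the ControlEvidence flag; demanding it here gives
   ' an explicit failure instead of one deep inside the loader.
   Function RunWithEvidence(ByVal assemblyPath As String, ByVal ev As Evidence) As Integer
      Dim ctrl As New SecurityPermission(SecurityPermissionFlag.ControlEvidence)
      ctrl.Demand()

      Dim sandbox As AppDomain = AppDomain.CreateDomain("Sandbox", ev)
      Try
         ' The second argument is the assembly's evidence; policy in the new
         ' domain resolves the assembly's grant set from it.
         Return sandbox.ExecuteAssembly(assemblyPath, ev)
      Finally
         AppDomain.Unload(sandbox)
      End Try
   End Function

   Sub Main(ByVal args() As String)
      If args.Length < 1 Then
         Console.WriteLine("usage: EvidenceHost <assembly.exe>")
         Return
      End If

      ' Placeholder origin for the example: under default policy the Internet
      ' zone gets a restricted grant set, so the assembly runs sandboxed.
      Dim ev As Evidence = MakeRemoteEvidence( _
         SecurityZone.Internet, _
         "http://www.example.com/untrusted/app.exe", _
         "www.example.com")

      Try
         Dim exitCode As Integer = RunWithEvidence(args(0), ev)
         Console.WriteLine("Assembly exited with code {0}", exitCode)
      Catch ex As SecurityException
         ' Raised if the assembly needs more than the Internet zone grants,
         ' or if this host itself lacks ControlEvidence.
         Console.WriteLine("Blocked by policy: " & ex.Message)
      End Try
   End Sub

End Module
```

The sandbox is only as trustworthy as the host asserting the evidence: a fully trusted host that passes Zone MyComputer for a downloaded file elevates it, which is exactly the risk ControlEvidence guards against. For a file that really was fetched from the network, letting the loader gather its own Zone and Url evidence is safer than reconstructing it by hand.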


Year: 2002
Pages: 190
