Chapter 24. Architecting a Secure Assembly

By Rudi Martin

IN THIS CHAPTER

• Where to Begin?

• If All Else Fails

• Don't Throw It All Away

As discussed in the previous chapter, it's important to begin planning your security story before writing any code. This chapter will give you an idea of some broad strategies that you can employ in order to design security into a product from day one.

Given the wide diversity of applications that can be implemented under the .NET Framework, and the subtlety and complexity of designing a watertight security model for any piece of code that's even mildly complex, this chapter cannot provide exhaustive coverage of its subject. Rather, it should serve as a starting point for your own investigations.

The goals of this chapter are somewhat broad and a little fuzzy. Don't worry, we'll get a lot more specific in the next chapter, when we start to look at implementation details. For now, the principal aim is to give you an idea of where to begin thinking about the problem and to introduce you to the correct mindset ”something that's just as important, if not more important, than the code itself.

Those who are architecting, designing, implementing, or testing a secure piece of software will benefit from reading this chapter.