for RuBoard |
By Brian A. LaMacchia
IN THIS CHAPTER
Development-Time Security Considerations
Deployment-Time Security Issues
Execution-Time Security Issues
This chapter concludes our discussion of Code Access Security fundamentals by showing how the features described in Chapters 4 through 11 interact when managed code is loaded and run within the Common Language Runtime. In the previous chapters, we have looked at various security features of the Runtime ”verification, policy evaluation, and permission enforcement ”in isolation. Now, we focus on how these individual pieces of the security system come together and interact to provide a secure environment for executing semitrusted code. After reading this chapter, the reader should be able to
Describe the security actions that must be made by developers at code authoring time, including declarative permission requests and appropriate permission demands
Describe the various mechanisms by which managed code can be installed onto a particular machine
Describe the function of the Native Image Generator and PE Verify tools and their relationship to the security system
Describe the roles the loader, the policy system, and the Just-In-Time compiler/verifier play in the CLR security system
The lifecycle of any particular managed process can be divided into three distinct stages ”development, deployment, and execution. Software authors, administrators, and users make security decisions at each stage of the process that ultimately determine the permissions with which an assembly runs on a particular machine. We begin this chapter with an overview of the security decisions that face developers at code authoring time and then proceed to deployment and execution-time considerations in later sections.
for RuBoard |