Chapter 12. Security Through the Lifetime of a Managed Process: Fitting It All Together

By Brian A. LaMacchia

IN THIS CHAPTER

• Development-Time Security Considerations

• Deployment-Time Security Issues

• Execution-Time Security Issues

This chapter concludes our discussion of Code Access Security fundamentals by showing how the features described in Chapters 4 through 11 interact when managed code is loaded and run within the Common Language Runtime. In the previous chapters, we have looked at various security features of the Runtime ”verification, policy evaluation, and permission enforcement ”in isolation. Now, we focus on how these individual pieces of the security system come together and interact to provide a secure environment for executing semitrusted code. After reading this chapter, the reader should be able to

• Describe the security actions that must be made by developers at code authoring time, including declarative permission requests and appropriate permission demands

• Describe the various mechanisms by which managed code can be installed onto a particular machine

• Describe the function of the Native Image Generator and PE Verify tools and their relationship to the security system

• Describe the roles the loader, the policy system, and the Just-In-Time compiler/verifier play in the CLR security system

The lifecycle of any particular managed process can be divided into three distinct stages ”development, deployment, and execution. Software authors, administrators, and users make security decisions at each stage of the process that ultimately determine the permissions with which an assembly runs on a particular machine. We begin this chapter with an overview of the security decisions that face developers at code authoring time and then proceed to deployment and execution-time considerations in later sections.