Introducing Code Access Security

Malicious code, from both known and unknown sources, is a threat to any computer that has access to the Internet. You can pick up malicious code through e-mail, when you download documents, or even when you are just surfing the Internet. Although access to resources is commonly secured by allotting a user name and a password, this method has often proved faulty and insecure, because hackers can obtain the user name and password without the knowledge of the legitimate users. The user name and password can then be used either to tamper with data or to steal valuable information.

To avoid such a security breach, there is a system called Code Access Security:

· Granting permissions and rights to access various resources, including access to the computer.
· Involves a well-defined security policy that can be configured or customised to meet your requirements. Various permission levels can be assigned to a set of code, thereby maintaining a well-secured configuration.
· When an important or sensitive set of code is to be executed, the system asks for the permission of an authorised official; in other words, only a person who holds a specific permission or role can run the code to get the desired results.
· Various levels of permission can be granted to the various persons using the system, and these can be customised based on the prevailing security policy of the organization.
· A provision is available with which you can configure your system to ask for a specific permission whenever code is executed.
· Various levels of restriction can be introduced at the code level itself, making the system cross-check whether the person permitting the code to run is really authorised to do so.

You can make use of the concepts employed in Code Access Security to develop applications for any real-time runtime environment. A few of the concepts that are widely used are:

Writing type-safe code: With this, the original source code can be secured, and you can make only a compiled runtime version capable of running in the real-time environment.

Imperative and declarative syntax: You can make use of declarative and imperative calls to customise your triggers, and the triggers can be made to execute a set of pre-defined code only with the correct permission levels. With such a facility you can fully secure your data and system from external threats.

Making your code run only with permission: You can fully configure your application to evaluate the configured permission levels and ensure that your code is run only by authorised persons and no one else.

Secure class libraries: With the help of class libraries you can customise and specify the various permission levels that are required for access to data and to the code, and you can employ the permissions globally across the entire system.
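
The declarative and imperative syntax described above, as an added example that is not from the original article: the same read permission is demanded once through an attribute and once through a run-time call, first under full trust and then under a permission set restricted to execution only. It assumes the .NET Framework (where the System.Security.Permissions types are enforced); the class name, method names and file path are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

static class CasDemo
{
    // Hypothetical path for this example only; the demand is checked
    // against the call stack and the file is never opened.
    const string ReportPath = @"C:\Reports\payroll.txt";

    // Declarative syntax: the demand is metadata on the method and is
    // evaluated before the method body runs.
    [FileIOPermission(SecurityAction.Demand, Read = ReportPath)]
    static string ReadDeclarative()
    {
        return "declarative demand satisfied";
    }

    // Imperative syntax: the permission object is built at run time,
    // so the path can come from a variable.
    static string ReadImperative(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
        return "imperative demand satisfied";
    }

    // Runs a call and reports whether the security demand passed.
    static string Try(string label, Func<string> call)
    {
        try { return label + ": " + call(); }
        catch (SecurityException) { return label + ": denied (SecurityException)"; }
    }

    // Everything called from this frame is limited to execution rights,
    // so both file-read demands fail during the stack walk.
    static string[] RunRestricted()
    {
        var sandbox = new PermissionSet(PermissionState.None);
        sandbox.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        sandbox.PermitOnly();
        return new[] { Try("restricted/declarative", ReadDeclarative),
                       Try("restricted/imperative", () => ReadImperative(ReportPath)) };
    }

    static void Main()
    {
        Console.WriteLine(Try("full trust/declarative", ReadDeclarative));
        Console.WriteLine(Try("full trust/imperative", () => ReadImperative(ReportPath)));
        foreach (string line in RunRestricted()) Console.WriteLine(line);
    }
}
```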