Exchanging and downloading code over the internet and intranets has become routine as the interdependencies between software applications and modules have grown. This is an ordinary task only as long as the downloaded code contains nothing malicious that reads protected data on the system or corrupts vital data and damages it. To address this concern the .NET Framework enforces several security mechanisms, one of which is Code Access Security.
Code Access Security (CAS)
CAS is the security feature that controls what managed code may do based on the trust level assigned to it. With it, any managed application (or assembly) can be restricted at a granular level by assigning it a limited permission set. The runtime gathers evidence about each assembly as it loads it: its origin (security zone, URL, site), its publisher (Authenticode signature), its strong name and its hash. Based on this evidence the assembly is matched to one or more code groups, and the code is then executed with the permissions that the security policy configured earlier for those groups. For example, code downloaded from the internet while browsing is matched to a group whose permissions to the local system (read, write, execute) have already been set. CAS also lets trusted code protect sensitive resources, such as an employee database, by demanding that every caller on the stack holds the required permission.
Unlike role-based security, where what an assembly may do depends on the access rights of the user executing it, CAS decides based on the set of permissions granted to the assembly (the code) and so lets it run in a restricted environment. CAS cannot restrict unmanaged code: a native application, or managed code that has been granted permission to call into native code, can reach any system resource the user account has permission to access.
CAS is built from the following elements:
Code group: defines the category to which the code belongs and is used to associate permission sets with assemblies. Membership of a code group is decided from the evidence of the assembly, which includes characteristics such as the source zone (internet, intranet, etc.), publisher, strong name, hash, and the URI (Uniform Resource Identifier) from which the assembly was loaded.
Permission Set
A permission set is the Access Control List of CAS. It is a list of code access permissions (File Dialog, Security, Reflection, Printing, etc.) grouped into a named set that grants access to protected resources. The built-in named permission sets are listed below; Internet, LocalIntranet and Everything can be modified, the others cannot:
FullTrust: no permission restrictions
Execution: permission to execute but no access to protected resources
Nothing: no permission for any operation
SkipVerification: permission to run code that fails type-safety verification
LocalIntranet: default policy for code from the local intranet
Internet: default policy for unknown code downloaded from the web
Everything: all permissions except the one for skipping code verification
Permissions:
A permission specifies an action that code in a code group is allowed to perform. For example, the File Dialog permission specifies whether an assembly may prompt the user with the Open or Save dialog box. There are 19 permissions available for configuration in the .NET Framework Configuration tool, some of which are:
FileIOPermission: access to work with files (read, write, append, path discovery)
FileDialogPermission: ability to access only the file the user selected in an Open or Save dialog box, without general file-system access
UIPermission: rights to use the user interface (windows and the clipboard)
SqlClientPermission: ability to open connections to SQL Server databases
Caspol (Code Access Security Policy tool)
A security policy is a logical grouping of code groups and permission sets. By assigning permissions to code groups instead of to individual assemblies, management of the policy becomes easier. The policy is usually configured by the system administrator at several levels: Enterprise, Machine and User (a fourth, Application Domain, level can be set programmatically by a host such as ASP.NET or Internet Explorer).
The Enterprise level is distributed through Active Directory and, by default, grants all code full trust, so the Machine level normally does the real work. The Machine level applies to all code executed on a computer. The User level defines permissions per user. It should be noted that the effective permissions of an assembly are the intersection (the minimum across levels) of the permission sets granted at each level, while within one level the permissions of every code group the assembly matches are combined by union. A level can therefore only take permissions away, never add any that a higher level refused.
The security policy can be managed either through the .NET Framework Configuration snap-in for the Microsoft Management Console or with the command-line tool Caspol. Caspol is used to view and set the trust level for each code group and to manage the code groups and permission sets in a granular fashion. It is located in the folder in which the .NET Framework version is installed (%windir%\Microsoft.NET\Framework\v<version>), so it has to be run from there or with its full path. Some of the tasks that can be performed with Caspol are:
Grant full trust to an assembly
Add a new code group to the Machine policy
Add a code group to the User policy
Reset the Machine policy level to its defaults
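The following is an added worked example, not code from the original page, of the policy model described above. It uses the System.Security.Policy classes that .NET Framework 2.0 to 3.5 expose for the same data Caspol manages: it enumerates the policy levels and their code-group trees, adds a code group to the Machine level in memory (the equivalent Caspol command is given in a comment), and resolves the grant for constructed evidence both per level and as the effective intersection. The share path and the group name are assumptions. It must itself run with full trust (for example from a local drive), and on .NET Framework 4 it only runs with <NetFx40_LegacySecurityPolicy enabled="true"/> in the application's config file.

```csharp
// Added example, not from the original page. .NET Framework 2.0-3.5 policy API;
// obsolete but functional on 4.x with NetFx40_LegacySecurityPolicy enabled.
using System;
using System.Collections;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class CasPolicyDemo
{
    // Print a code-group tree: name, membership condition, permission set name.
    // This is the same information "caspol -all -listgroups" prints.
    static void Dump(CodeGroup group, int depth)
    {
        Console.WriteLine("{0}{1}: {2} -> {3}", new string(' ', depth * 2),
            group.Name, group.MembershipCondition, group.PermissionSetName);
        foreach (CodeGroup child in group.Children)
            Dump(child, depth + 1);
    }

    // Locate one policy level by its label ("Enterprise", "Machine", "User").
    static PolicyLevel FindLevel(string label)
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            if (level.Label == label) return level;
        }
        throw new InvalidOperationException("policy level not found: " + label);
    }

    static void Main()
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            Console.WriteLine("== {0} policy ==", level.Label);
            Dump(level.RootCodeGroup, 1);
        }

        // Constructed evidence: an assembly loaded from an intranet share
        // (hypothetical server and path).
        Evidence fromShare = new Evidence();
        fromShare.AddHost(new Zone(SecurityZone.Intranet));
        fromShare.AddHost(new Url("file://fileserver/apps/payroll.exe"));

        // Add a code group to the Machine level, in memory only: every assembly
        // under the share gets FullTrust. Equivalent Caspol command:
        //   caspol -m -addgroup 1 -url "file://fileserver/apps/*" FullTrust -name "PayrollApps"
        PolicyLevel machine = FindLevel("Machine");
        PermissionSet fullTrust = machine.GetNamedPermissionSet("FullTrust");
        UnionCodeGroup payrollGroup = new UnionCodeGroup(
            new UrlMembershipCondition("file://fileserver/apps/*"),
            new PolicyStatement(fullTrust));
        payrollGroup.Name = "PayrollApps";
        CodeGroup root = machine.RootCodeGroup;
        root.AddChild(payrollGroup);
        machine.RootCodeGroup = root;
        // SecurityManager.SavePolicy();   // uncomment to persist, as Caspol would

        // Grant per level (union of matching groups within the level) ...
        levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            PermissionSet granted = level.ResolvePolicy(fromShare).PermissionSet;
            Console.WriteLine("{0} grants: {1}", level.Label,
                granted.IsUnrestricted() ? "FullTrust" : granted.ToXml().ToString());
        }
        // ... and the effective grant, which is the intersection across levels.
        PermissionSet effective = SecurityManager.ResolvePolicy(fromShare);
        Console.WriteLine("effective grant is unrestricted: {0}", effective.IsUnrestricted());
    }
}
```

With default policy the Enterprise and User levels grant FullTrust, so the effective grant equals whatever the Machine level resolves; adding a User-level group that grants only LocalIntranet to the same URL would shrink the effective grant accordingly, which is the intersection rule in action.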
.NET classes for working with CAS
The .NET Framework provides a well-defined set of permission classes for working with CAS programmatically. Using declarative CAS at assembly scope (SecurityAction.RequestMinimum, RequestOptional and RequestRefuse), an assembly states the permissions it needs to run and refuses the ones it does not require, and the runtime will not load it if the policy does not grant at least the minimum. The administrator can read those requests (for example with the Permission View tool, permview.exe) and grant exactly the minimum set the assembly demands for all of its functionality.
For each type of resource that can be protected, the framework provides a class corresponding to that resource. The names of these classes are suffixed with Permission; some of them are FileDialogPermission, OdbcPermission, RegistryPermission, etc. Through their members (Demand, Assert, PermitOnly, and the matching attribute classes for declarative use) access to the resources can be controlled programmatically. The namespace System.Security.Permissions has to be included to use these classes.
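As an added example (not code from the original page), here is how the permission classes are used both declaratively and imperatively, and how a caller narrows the grant for a piece of code with PermitOnly so that a read succeeds while a write is refused. The data-file path and the EmployeeStore class are assumptions chosen to match the employee-database scenario above. It compiles with C# 3 against .NET Framework 3.5; on .NET Framework 4 the assembly-level RequestMinimum is obsolete and ignored, while the Demand and PermitOnly calls still work.

```csharp
// Added example, not from the original page. C:\data\employees.csv is a
// hypothetical resource; no file needs to exist for the checks to run.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Declarative CAS at assembly scope: do not load at all unless policy grants
// at least read access to the data file (permview.exe lists this request).
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\data\employees.csv")]

static class EmployeeStore
{
    const string DataFile = @"C:\data\employees.csv";   // hypothetical

    // Declarative demand: before entering this method the runtime walks the call
    // stack and throws SecurityException if any caller lacks read access.
    [FileIOPermission(SecurityAction.Demand, Read = DataFile)]
    public static int CountRecords()
    {
        return File.Exists(DataFile) ? File.ReadAllLines(DataFile).Length : 0;
    }

    // Imperative demand: the same kind of check, built at run time.
    public static void AppendRecord(string line)
    {
        new FileIOPermission(FileIOPermissionAccess.Append, DataFile).Demand();
        File.AppendAllText(DataFile, line + Environment.NewLine);
    }
}

static class Program
{
    // Run 'work' with the grant narrowed to 'allowed' for the duration, whatever
    // the caller's own grant is. PermitOnly is used rather than Deny, which .NET
    // Framework 4 no longer supports. Returns the SecurityException, if any.
    public static SecurityException RunRestricted(PermissionSet allowed, Action work)
    {
        allowed.PermitOnly();
        try
        {
            work();
            return null;
        }
        catch (SecurityException ex)
        {
            return ex;
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();   // always undo the stack modifier
        }
    }

    static void Main()
    {
        // Least privilege for the sandboxed call: execute, plus read the one file.
        PermissionSet readOnly = new PermissionSet(PermissionState.None);
        readOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        readOnly.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read,
            @"C:\data\employees.csv"));

        SecurityException readResult = RunRestricted(readOnly,
            () => Console.WriteLine("records: " + EmployeeStore.CountRecords()));
        Console.WriteLine("read under restriction: " +
            (readResult == null ? "allowed" : "denied"));

        // Append needs FileIOPermissionAccess.Append, which 'readOnly' lacks, so the
        // Demand fails at the PermitOnly frame even though Main itself has full trust.
        SecurityException writeResult = RunRestricted(readOnly,
            () => EmployeeStore.AppendRecord("new,record"));
        Console.WriteLine("append under restriction: " +
            (writeResult == null ? "allowed" : "denied: " + writeResult.Message));
    }
}
```

The point of RunRestricted is that the restriction is attached to a stack frame, not to the assembly: the same EmployeeStore code is refused the append only while it is called from under the PermitOnly, and the finally block reverting it matters, because a leaked PermitOnly would also restrict unrelated code that later runs in that frame.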
Thus, the .NET Framework offers a managed security environment for developing distributed applications in which security is a vital factor. One caveat applies today: .NET Framework 4 turned off machine-wide CAS policy, so Caspol and the assembly-level permission requests no longer take effect there (only hosts that build their own per-AppDomain sandbox still restrict code), and .NET Core and later versions of .NET do not support or enforce CAS at all.