Security

.NET Security

Overview

Objectives

This module introduces you to security in .NET. We show the basic concepts of protection against malicious code and operations, and we present an overview of the cryptographic support in .NET.

It is important to make clear what we are not talking about:

- Security in the Microsoft Windows (or any other) operating system
- COM+ security
- ASP.NET security

What you will learn

- Overview of security in .NET
- Design and use your own security solutions
- Cryptography in .NET

Related Topics Covered In This Lesson

- Security and the Common Language Runtime
- How to encrypt and decrypt data
Section 1: Overview

We start with a short look at object-based security, summarize its benefits, and briefly discuss some issues. We then give an overview of the components that together form security in .NET, for example the Common Language Runtime, permissions, and roles.

Object-based security models

Securing distributed applications

Distributed applications introduce a number of security issues. The basic requirements for distributed application security are:

- Identification and authentication: Who wants to access a certain object or resource? What is the origin of the code that wants to run on my machine? You cannot grant the same level of trust to all callers. Therefore the caller's identity must be established from some information, such as a username/password combination or a digital signature.
- Data integrity and privacy: The messages exchanged between the caller and the callee may be confidential and therefore must be secured. It must be ensured that this data is protected from being altered or intercepted. For example, if you're asking your boss for a pay rise via email, you don't want a malicious co-worker changing the content into a termination.
- User authorization: Which operations is the user, or an object, allowed to perform? For example, different groups of users have different access rights to different areas or virtual directories of an application residing on a Web server.

Altogether, security must be administrable. An administrator must be able to easily move a user to another user group, specify the level of trust granted to a software component, or simply manage secure access to objects or resources.
Objects act on behalf of the caller

The principle of object-based security is that a caller/user wants to gain access to a secured object, which can be, for example, a file, a process, or the Windows Registry.

Access token: When a user successfully logs into the system, the identity and the privileges of the user's account are determined and an access token is created. An access token is an object describing the security context of each process executed on behalf of the user. When a certain process (or thread) tries to access a secured object, the access token is used to