Security1

Security1 - Security in .NET Objectives Security in .NET...

Info iconThis preview shows pages 1–16. Sign up to view the full content.

View Full Document Right Arrow Icon
Security in .NET
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Objectives Security in .NET Basic concepts - permissions Using and Managing permissions Cryprography in .NET Administer .NET Security
Background image of page 2
Contents Section 1: Overview Section 2: Core Concepts Section 3: Permissions Section 4: Security Administration Section 5: Cryptography Support Summary
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Section 1: Overview Looking back . .. .NET security core concepts
Background image of page 4
Object based security models Securing in distributed applications User identification and authentication Data integrity and privacy User authorization Security must be administrable User wants to access securable objects Access token and security descriptors
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
client/user client/user Looking back . .. Security mechanisms Different solutions for different issues Samples: Identification and authentication: Operating system account Authorization: Active Directory – a security database Encryption: HTTPS (HTTP over SSL) DCOM, CORBA, and TPMs Client/user Middle tier Server Client process Service/ component Server process
Background image of page 6
What’s wrong with that? Trust all or nothing at all TPMs are difficult to administer „Luring attacks“
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Section 2: Core Concepts Kinds of Security Permissions, Policies, and Roles Common Language Runtime Code Groups Stack Walking
Background image of page 8
Kinds of Security Code access security Protection against malicious mobile code Role-based security Principals User authorization Security model is based on permissions Heavily based on Common Language Runtime
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
.NET Framework Common Language Runtime Common Language Runtime Class Loader JIT compiler System Services Services Framework ASP.NET Windows Forms ...
Background image of page 10
Application Domain Host Host sets up Application Domain and loads assembly Trusted host and evidence Different hosts Shell Browser Server Custom-designed
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Evidence Information about the code Who published the Code Where did the Code come from Samples of types of evidence Signature Publisher of the code Strong name URL and Site of origin
Background image of page 12
Permissions, Policies, and Roles Permissions Access code to restricted areas Objects to control restrictions on managed code Security policy Rules, that the runtime must follow to check permissions Roles and the principal Named set of users Principals
Background image of page 13

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Code Group Hierarchy 1 All Code 1.1 Publisher: Microsoft 1.2 Zone: Internet 1.3 Zone: Local Intranet 1.4 Site: newtelligence.com 1.1.1 Site: LocalWeb 1.1.2 Name: MS Money 1.3.1 Publisher: newtelligence 1.3.2 Site: LocalWeb PS PS PS PS PS PS PS PS PS
Background image of page 14
Code Inspection and Stack Walking Security check Varying levels of trust Assembly A1 Assembly A2 Assembly A3 Assembly A4 G1 G4 G3 G2 P P P Call chain
Background image of page 15

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 16
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 48

Security1 - Security in .NET Objectives Security in .NET...

This preview shows document pages 1 - 16. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online