Code Access Security

With programs becoming easily accessible on the Internet, the threat of a virus has spread into the technical community.  .NET CLR provides code access security to allow administrators to specify privileges each managed code assembly has.  The CLR walks all the way from the top-level assembly when managed code makes a call from the CLR to access secure information.  This allows the top-level user the ability to be secure that the lower level secure information restrictions set by the administrator are not breached.

An administrator sets the security policy by editing an XML-based configuration file.  The permission sets that the administrator must provide list privelages that are granted and revoked as a group.  Some XML code for various types of permissions can be seen below.

a) Permission for unrestricted access to all environment variables

<Permission class = “System.Security.Permissions.EnvironmentPermission”>
 <Unrestricted/>
</Permission>

b) Permission for read-only access to the USERNAME, TEMP, and TMP variable.

<Permission class = “System.Security.Permissions.EnvironmentPermission”>
<Read> USERNAME; TEMP; TMP <Read/>
     </Permission>