Wednesday, August 31, 2011

Security Features in .NET 4.0



The .NET Framework 4 brings new meaning to security, and it is very handy. Here the Framework classifies code into 3 types:
SecurityCritical: this code can only be accessed by fully trusted callers
SecuritySafeCritical: this code can be accessed by partially trusted callers
SecurityTransparent: this code is not trusted, or is the code with the lowest privilege

Each of these can be demonstrated with an example:
Scenario 1: Security Transparent Code Accessing Security Critical Code
Scenario 2: Security Critical Code Accessing Security Critical Code
Scenario 3: How to allow some methods to be accessible by Security Transparent Code

Scenario 1: Security Transparent Code Accessing Security Critical Code
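Caller code in one assembly:

using System.Security;
using CalleeLibrary;

// The whole caller assembly is transparent (lowest privilege).
[assembly: SecurityTransparent]
namespace Caller
{
    class Program
    {
        static void Main(string[] args)
        {
            // Transparent code calling into the SecurityCritical CalleeLibrary.
            Callee callee = new Callee("Tom");
            callee.GetDetails();
        }
    }
}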

Callee code in the second assembly:

using System;
using System.Security;

// Everything in the callee assembly is security critical.
[assembly: SecurityCritical]
namespace CalleeLibrary
{
    public class Callee
    {
        private string Name;

        public Callee(string name)
        {
            Name = name;
        }

        public void GetDetails()
        {
            Console.WriteLine("Name passed From Caller:" + Name);
        }
    }
}


This call fails. The reason is that a SecurityTransparent assembly cannot access SecurityCritical code.


Scenario 2: Security Critical Code Accessing Security Critical Code

Mark the calling assembly with SecurityCritical to set it right.

Caller code:

using System.Security;
using CalleeLibrary;

// The caller assembly is now security critical, like the callee.
[assembly: SecurityCritical]
namespace Caller
{
    class Program
    {
        static void Main(string[] args)
        {
            Callee callee = new Callee("Tom");
            callee.GetDetails();
        }
    }
}

As a result, your code starts running.

Scenario 3: How to allow some methods to be accessible by Security Transparent Code

using System.Security;
using CalleeLibrary;

// The caller stays transparent, as in Scenario 1.
[assembly: SecurityTransparent]
namespace Caller
{
    class Program
    {
        static void Main(string[] args)
        {
            Callee callee = new Callee("Tom");
            callee.GetDetails();
        }
    }
}

Mark the callee assembly with AllowPartiallyTrustedCallers, and mark the code that is to be accessed by SecurityTransparent code with the SecuritySafeCritical attribute.
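
The callee side of Scenario 3, as an added example that is not code from the original post. It assumes the same CalleeLibrary.Callee class; the helper WriteDetails, the method GetDetailsUnchecked and the 64-character limit are hypothetical and only there to show where SecuritySafeCritical sits between the transparent caller and critical code.

```csharp
using System;
using System.Security;

// Opt this library in to transparent / partially trusted callers.
// Code without an annotation in this assembly is then transparent.
[assembly: AllowPartiallyTrustedCallers]

namespace CalleeLibrary
{
    public class Callee
    {
        private const int MaxNameLength = 64;   // constructed limit for the example
        private readonly string name;

        // No annotation: transparent, so the transparent Caller can construct it.
        public Callee(string name)
        {
            if (string.IsNullOrWhiteSpace(name))
                throw new ArgumentException("Name is required.", "name");
            this.name = name;
        }

        // The bridge: callable from transparent code and allowed to call
        // critical code. It is the only check between the caller and
        // WriteDetails, so the input is validated here.
        [SecuritySafeCritical]
        public void GetDetails()
        {
            if (name.Length > MaxNameLength)
                throw new InvalidOperationException("Name is too long.");
            WriteDetails(name);
        }

        // Critical and public (hypothetical): a call from the transparent
        // Caller is rejected, as in Scenario 1.
        [SecurityCritical]
        public void GetDetailsUnchecked()
        {
            WriteDetails(name);
        }

        // Critical helper (hypothetical): reachable only through the methods above.
        [SecurityCritical]
        private static void WriteDetails(string value)
        {
            Console.WriteLine("Name passed From Caller:" + value);
        }
    }
}
```

When reviewing a library like this, the SecuritySafeCritical members are the ones to audit first, since they are the entry points transparent code can use to reach critical code.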


The following table shows the observations that were made when assemblies A1 and A2 were marked with the following attributes. A1 refers to the caller assembly and A2 refers to the callee assembly.

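| A1 (rows) / A2 (columns) | SecurityCritical | SecurityTransparent | SecuritySafeCritical |
|--------------------------|------------------|---------------------|----------------------|
| SecurityCritical         | yes              | yes                 | yes                  |
| SecurityTransparent      | no               | yes                 | no                   |
| SecuritySafeCritical     | yes              | yes                 | yes                  |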


The table below gives an idea of the scope of the security attributes with respect to the language constructs.

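| Attribute                    | Namespace/Assembly | Class | Method/Constructor | Property | Member |
|------------------------------|--------------------|-------|--------------------|----------|--------|
| SecurityCritical             | yes                | yes   | yes                | no       | yes    |
| SecurityTransparent          | yes                | yes   | no                 | no       | no     |
| SecuritySafeCritical         | no                 | yes   | yes                | no       | yes    |
| AllowPartiallyTrustedCallers | yes                | no    | no                 | no       | no     |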