What Does Code Access Security Mean?
Code access security (CAS) is a security mechanism by which the common language runtime (CLR) of the .NET framework can restrict the managed code to execute operations with a limited set of permissions.
CAS enforces security policies in the .NET Framework by preventing unauthorized access to protected resources and operations. Unlike traditional security methods, where credentials are obtained from the user, CAS is designed to address the issues faced when code is obtained from external sources, which may contain bugs and vulnerabilities. These bugs and vulnerabilities may make a user's system vulnerable to malicious code that performs tasks without the user knowing it. CAS determines which operations a given piece of code is and is not allowed to perform, and permits only those. This feature applies to all managed code targeting the CLR.
CAS provides evidence-based security built as a layer above the security provided by the Windows operating system. Whereas Windows bases its decisions on the permissions of the user, CAS bases them on the evidence for the assembly. The permissions that the security policy defines for that assembly form the basis for allowing the code to execute the actions it needs.
Techopedia Explains Code Access Security
CAS is built on the following elements, among others:
- Permissions: These are the basic rights needed to access a protected resource or execute a protected operation.
- Permission Set: This is a set of permissions, such as "full trust", "nothing", "Internet", "local intranet" and others.
- Code Group: This is a logical grouping of code with a specified condition for membership, such as LocalIntranet_Zone and Internet_Zone.
- Evidence: This is assembly-related information such as application directory, publisher, URL and security zone.
- Security Policy: This is a set of rules configured by an administrator to determine the permissions granted to code, expressed hierarchically at four levels: enterprise, machine, user and application domain.
Code that executes a privileged operation demands one or more permissions from the CLR. The actual grant is calculated by taking the union of the permission sets of the code groups the code matches within each policy level, and then intersecting the results across the policy levels. The CLR checks that the demanded permissions are contained in the permissions granted to the method's assembly. If a demanded permission has not been granted, a security exception is thrown.
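The following added example (not code from the original article) models that calculation in memory: the grants of the matching code groups are unioned within a policy level, the levels are intersected, and a demand is then tested against the result exactly as the CLR tests it, as a subset check. The policy levels, code groups and paths are constructed for illustration, nothing here reads the real machine policy, and the types come from System.Security.Permissions, which is only enforced on the .NET Framework.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;

// Added example, not from the original article. Policy levels and code groups are
// constructed in memory; the real CAS policy is never consulted. Requires .NET Framework.
static class GrantCalculator
{
    // A policy level is modelled as the grants of the code groups whose membership
    // condition the assembly's evidence matched. Within one level these are unioned.
    static PermissionSet GrantForLevel(IEnumerable<PermissionSet> matchingCodeGroups)
    {
        var grant = new PermissionSet(PermissionState.None);
        foreach (var codeGroupGrant in matchingCodeGroups)
            grant = grant.Union(codeGroupGrant);
        return grant;
    }

    // Across the Enterprise, Machine, User and AppDomain levels the results are intersected,
    // so any single level can only remove permissions, never add beyond what another allows.
    static PermissionSet EffectiveGrant(IEnumerable<PermissionSet> levelGrants)
    {
        PermissionSet effective = null;
        foreach (var levelGrant in levelGrants)
        {
            if (effective == null)
                effective = levelGrant;
            else
                // Intersect returns null when nothing is common; treat that as an empty grant.
                effective = effective.Intersect(levelGrant) ?? new PermissionSet(PermissionState.None);
        }
        return effective ?? new PermissionSet(PermissionState.None);
    }

    // Helper building a permission set that only allows reading one directory.
    static PermissionSet FileRead(string absolutePath)
    {
        var set = new PermissionSet(PermissionState.None);
        set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, absolutePath));
        return set;
    }

    // What the CLR does on a demand: the demanded set must be a subset of the granted set,
    // otherwise it throws SecurityException.
    static bool DemandSatisfied(PermissionSet granted, PermissionSet demanded)
    {
        return demanded.IsSubsetOf(granted);
    }

    static void Main()
    {
        // Constructed scenario: Enterprise and User levels grant full trust; at the Machine
        // level the assembly's evidence matches Internet_Zone and a publisher-based group.
        var enterprise = GrantForLevel(new[] { new PermissionSet(PermissionState.Unrestricted) });
        var machine = GrantForLevel(new[]
        {
            FileRead(@"C:\inetpub\downloads"),          // constructed Internet_Zone grant
            FileRead(@"C:\ProgramData\ExampleVendor"),  // constructed publisher-group grant
        });
        var user = GrantForLevel(new[] { new PermissionSet(PermissionState.Unrestricted) });

        var granted = EffectiveGrant(new[] { enterprise, machine, user });

        Console.WriteLine(DemandSatisfied(granted, FileRead(@"C:\inetpub\downloads"))
            ? "read of C:\\inetpub\\downloads: demand satisfied"
            : "read of C:\\inetpub\\downloads: refused");
        Console.WriteLine(DemandSatisfied(granted, FileRead(@"C:\Windows\System32"))
            ? "read of C:\\Windows\\System32: demand satisfied"
            : "read of C:\\Windows\\System32: refused (the CLR would throw SecurityException)");
    }
}
```

Because the full-trust Enterprise and User levels intersect with the narrower Machine level, the effective grant is just the two read permissions from the Machine level's code groups; the first demand is satisfied and the second is refused, which is the behaviour the paragraph above describes.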
CAS provides two security modes to define permissions for code:
- Declarative security is implemented by placing security attributes at the assembly level, class level or member level. Declarative mode is used when the calls need to be evaluated at compile time.
- Imperative security uses run-time method calls to create instances of security classes. Imperative mode is used when the calls need to be evaluated at run time.
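The two modes side by side, as an added example that is not part of the original article: a declarative demand fixed at compile time on one method, and an imperative demand built at run time on another, with the resulting SecurityException caught so the caller fails closed. The class name and paths are constructed; the demands are only enforced by the .NET Framework with CAS policy active (they are no-ops on .NET Core / .NET 5+).

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Added example, not from the original article. Class name and paths are constructed.
// FileIOPermission demands are enforced only on the .NET Framework with CAS policy active.
public static class ConfigReader
{
    // Declarative: the demand is stored as metadata on the method. The path has to be a
    // compile-time constant, and the CLR performs the stack walk before the body runs.
    [FileIOPermission(SecurityAction.Demand, Read = @"C:\ProgramData\ExampleApp\app.config")]
    public static string ReadFixedConfig()
    {
        return File.ReadAllText(@"C:\ProgramData\ExampleApp\app.config");
    }

    // Imperative: the demand is constructed at run time, so it can depend on a value that is
    // not known until then (here the caller-supplied path).
    public static string ReadConfig(string path)
    {
        // FileIOPermission requires an absolute path, so normalise first.
        string fullPath = Path.GetFullPath(path);
        new FileIOPermission(FileIOPermissionAccess.Read, fullPath).Demand();
        return File.ReadAllText(fullPath);
    }

    // Fail closed: a SecurityException means some caller on the stack lacks the grant.
    public static bool TryReadConfig(string path, out string contents)
    {
        try
        {
            contents = ReadConfig(path);
            return true;
        }
        catch (SecurityException ex)
        {
            Console.Error.WriteLine("CAS refused read of {0}: {1}", path, ex.Message);
            contents = null;
            return false;
        }
    }
}
```

The declarative form is the one to prefer when the resource is known up front, because the demand is visible in the assembly metadata and cannot be skipped by a code path that forgets to call Demand(); the imperative form is needed whenever the resource is computed at run time.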
CAS has limitations, including applications that malfunction when moved to another system whose security policy differs. In addition, CAS has no control over unmanaged code, and developers cannot anticipate every combination of security settings that may exist on users' systems.
To use the fine-grained security of CAS effectively, developers should write type-safe code, use declarative or imperative syntax as the context requires, request from the runtime the permissions the code needs to run, and use secure libraries.