Code Access Security

Code Access Security (CAS) ist das Sicherheitsmodell in Microsofts .NET-Framework und stellt Microsofts Lösung dar, nicht privilegierten und nicht vertrauten Code an der Ausführung sicherheitskritischer Aktionen zu hindern. Wird eine Assembly durch die Common Language Runtime (CLR) geladen, wird diese vor deren Ausführung inspiziert. Dabei wird festgestellt, zu welcher Sicherheitszone die Assembly gehört. Eine Sicherheitszone stellt dabei eine Ansammlung von Rechten dar.

Code, der sicherheitsrelevante Aufgaben durchführen will, muss seinerseits das Recht zur Ausführung dieser Aufgabe von der CLR erfragen. Dabei prüft die CLR mit einem Durchlauf durch die Aufrufliste (Engl. call stack), welche Rechte der Assembly durch die Zugehörigkeit zu einer Sicherheitsgruppe gewährt wurden und gewährt oder verbietet ihrerseits die Ausführung dieser Aufgabe.

Die Rechte einer Sicherheitszone werden vom Systemadministrator festgelegt.

Wikimedia Foundation.

Schlagen Sie auch in anderen Wörterbüchern nach:

  • Code Access Security — (CAS), in the Microsoft .NET framework, is Microsoft s solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the assembly and use this to identify the code group that the …   Wikipedia

  • Code Access Security — Code Access Security  механизм защиты, позволяющий ограничивать доступ коду к ресурсам компьютера. Используется в среде .NET Framework. Используется для определения разрешений и установки прав доступа к различным системным ресурсам,… …   Википедия

  • Security engineering — is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to… …   Wikipedia

  • code — [kəʊd ǁ koʊd] noun 1. [countable] LAW a complete set of written rules or laws: • Each state in the US has a different criminal and civil code. ˈbuilding code [countable] LAW a set of rules that states what features a new building, bridge etc… …   Financial and business terms

  • Access code — An access code is a sequence of characters and/or numbers that allow access to a secure service. Access codes are often used in security systems to permit entry. [ [ term/0,2542,t=access+code i=37382,00.asp PC… …   Wikipedia

  • Access control — is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticketholders should be admitted), logical… …   Wikipedia

  • Security guard — Private factory guard Occupation Activity sectors Security Description A security guard (or security officer) is a person who is paid to protect pro …   Wikipedia

  • Code injection — is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or inject ) code into a computer program to change the course of execution. The results of a code injection… …   Wikipedia

  • Code signing — is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Code signing can provide several valuable …   Wikipedia

  • Security as a service — refers to the practice of delivering traditional security applications as an Internet based service, on demand, to consumers and businesses. It is an example of the everything as a service trend and shares many of the common characteristics,… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.