.NET Development Foundation/Security

Security

Exam objective: Improving the security of .NET Framework applications by using the .NET Framework 2.0 security features

Code access security
Code access security (CAS) lets the runtime grant or withhold permissions from managed code based on evidence about where the code came from and who signed it, independently of the Windows account the code runs under. - MSDN

Permissions grant access to protected resources (files, the registry, the network, the user interface, and so on). A permission set is a named collection of permissions. A code group pairs one membership condition, which tests a single kind of evidence, with one permission set: code whose evidence satisfies the condition is granted that set. Evidence is what the runtime knows about an assembly, as opposed to the user running it: the application directory, a cryptographic hash of the assembly, the publisher's Authenticode signature, the site the assembly was downloaded from, its cryptographic strong name, the URL it was loaded from, and the security zone it runs in. The security zones are My Computer, Local Intranet, Internet, Trusted Sites and Restricted (untrusted) Sites; the Security tab of Internet Options in Internet Explorer shows the same zones, and the runtime classifies URLs the same way. An assembly can match several code groups, and a permission set can be referenced by several code groups.

A policy level is a tree of code groups together with the named permission sets they reference. Every managed assembly is evaluated against four levels: Enterprise, Machine, User and Application domain. Each level produces a grant set for the assembly, and the effective grant set is the intersection of the four, so any one level can take a permission away but no level can add back a permission that another level withheld. These policy levels exist in .NET Framework 1.x to 3.5 only: .NET Framework 4.0 no longer evaluates CAS policy, and .NET Core and later have no CAS at all, so CAS policy is a defence only on the runtime this exam targets.
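
As an added example that is not part of the original page: the following C# program (for .NET Framework 2.0 to 3.5, where CAS policy is still evaluated) lists the host evidence attached to its own assembly, shows which code groups that evidence matched, and resolves the permission set the four policy levels combine to grant. It assumes nothing beyond the framework; the write check against the temp directory is an arbitrary permission chosen for illustration.

```csharp
using System;
using System.Collections;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example: what does CAS policy know about this assembly, and what does
// it grant? Run under .NET Framework 2.0-3.5; on 4.0+ policy is not evaluated
// and SecurityManager.ResolvePolicy is marked obsolete.
class EvidenceInspector
{
    // Print the evidence types a membership condition can test.
    static void PrintHostEvidence(Evidence evidence)
    {
        IEnumerator host = evidence.GetHostEnumerator();
        while (host.MoveNext())
        {
            object item = host.Current;
            if (item is Zone)
                Console.WriteLine("  Zone:       " + ((Zone)item).SecurityZone);
            else if (item is Url)
                Console.WriteLine("  Url:        " + ((Url)item).Value);
            else if (item is StrongName)
                Console.WriteLine("  StrongName: " + ((StrongName)item).Name + " " + ((StrongName)item).Version);
            else if (item is Hash)
                Console.WriteLine("  Hash/SHA1:  " + BitConverter.ToString(((Hash)item).SHA1));
            else
                Console.WriteLine("  " + item.GetType().Name);   // e.g. Site, Publisher, ApplicationDirectory
        }
    }

    // Which code groups, across all policy levels, did the evidence satisfy?
    static void PrintMatchingGroups(Evidence evidence)
    {
        IEnumerator groups = SecurityManager.ResolvePolicyGroups(evidence);
        while (groups.MoveNext())
        {
            CodeGroup group = (CodeGroup)groups.Current;
            Console.WriteLine("  " + group.Name + " -> " + group.PermissionSetName);
        }
    }

    static void Main()
    {
        Evidence evidence = Assembly.GetExecutingAssembly().Evidence;

        Console.WriteLine("Host evidence:");
        PrintHostEvidence(evidence);

        Console.WriteLine("Matched code groups:");
        PrintMatchingGroups(evidence);

        // ResolvePolicy intersects the Enterprise, Machine, User and AppDomain
        // levels, so the result is what the assembly can actually do.
        PermissionSet granted = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("Fully trusted: " + granted.IsUnrestricted());
        if (!granted.IsUnrestricted())
            Console.WriteLine(granted.ToXml());   // the exact grant set, as policy XML

        // Ask policy before acting instead of catching SecurityException afterwards.
        // (Write access to the temp directory is an arbitrary permission chosen for the example.)
        FileIOPermission writeTemp = new FileIOPermission(FileIOPermissionAccess.Write, Path.GetTempPath());
        Console.WriteLine("May write to " + Path.GetTempPath() + ": " + SecurityManager.IsGranted(writeTemp));
    }
}
```

Run it from a local disk and the Zone evidence will be MyComputer, which the default machine policy maps to FullTrust; copy the same executable to a network share and the Intranet zone grants considerably less, which the printed grant set makes visible.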

Implement code access security
Exam objective: Implement code access security to improve the security of a .NET Framework application.

(See the System.Security namespace)

SecurityManager class - MSDN

CodeAccessPermission class - MSDN

Modify the Code Access security policy at the machine, user, and enterprise policy level by using the Code Access Security Policy tool (Caspol.exe) - MSDN

PermissionSet class, NamedPermissionSet class, and PermissionSetCollection class


 * PermissionSet class - MSDN


 * NamedPermissionSet class - MSDN


 * PermissionSetCollection class


 * No public class with this name appears in the documented System.Security namespace; the name in the objective may refer to an internal runtime type, so treat this item as unverified. In public code, permission sets are combined with PermissionSet.Union and PermissionSet.Intersect rather than kept in a dedicated collection.

Standard Security interfaces


 * IEvidenceFactory interface - MSDN


 * IPermission interface - MSDN
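
An added example, not from the page, of the classes listed above used imperatively: CodeAccessPermission.Demand walks the whole call stack, PermitOnly fences everything called from the current frame to a chosen PermissionSet regardless of what the assembly was granted, and PermissionSet.Intersect models how policy levels combine. The two paths are placeholders; the program is written for .NET Framework 2.0 to 3.5.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example: imperative CAS through CodeAccessPermission and PermissionSet.
class ImperativeCas
{
    const string AllowedDir = @"C:\app\data";                               // placeholder
    const string ForbiddenFile = @"C:\Windows\System32\drivers\etc\hosts";  // placeholder probe target

    // Demand: succeeds only if every caller on the stack holds read access to path.
    static bool CanRead(string path)
    {
        try
        {
            new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Run a probe behind a PermitOnly fence: nothing called from this frame can
    // use more than the permissions in 'allowed', even under full trust.
    static bool RunFenced(PermissionSet allowed, string probePath)
    {
        allowed.PermitOnly();
        try
        {
            return CanRead(probePath);
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();   // always undo stack-walk modifiers
        }
    }

    // Build a least-privilege set from nothing rather than subtracting from FullTrust.
    static PermissionSet BuildSandboxSet()
    {
        PermissionSet set = new PermissionSet(PermissionState.None);
        set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, AllowedDir));
        return set;
    }

    static void Main()
    {
        PermissionSet sandbox = BuildSandboxSet();
        Console.WriteLine(sandbox.ToXml());

        // Policy levels combine by intersection, so a level that grants
        // everything changes nothing and a level that withholds something wins.
        PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);
        PermissionSet effective = fullTrust.Intersect(sandbox);
        Console.WriteLine("intersection unrestricted: " + effective.IsUnrestricted());    // False

        Console.WriteLine("read allowed dir, unfenced: " + CanRead(AllowedDir));               // True under full trust
        Console.WriteLine("read allowed dir, fenced:   " + RunFenced(sandbox, AllowedDir));    // True: inside the fence
        Console.WriteLine("read hosts file, fenced:    " + RunFenced(sandbox, ForbiddenFile)); // False: outside the fence
    }
}
```

Deny and Assert are the other two stack-walk modifiers on CodeAccessPermission; Assert in particular stops the walk at the asserting frame and so lets less trusted callers reach the resource, which is why it needs careful review wherever it appears.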

Implement access control
Exam objective: Implement access control by using the System.Security.AccessControl classes.

DirectorySecurity class, FileSecurity class, FileSystemSecurity class, and RegistrySecurity class


 * DirectorySecurity class - MSDN


 * FileSecurity class - MSDN


 * FileSystemSecurity class - MSDN


 * RegistrySecurity class - MSDN

AccessRule class - MSDN

AuthorizationRule class and AuthorizationRuleCollection class


 * AuthorizationRule class - MSDN


 * AuthorizationRuleCollection class - MSDN

CommonAce class, CommonAcl class, CompoundAce class, GenericAce class, and GenericAcl class


 * CommonAce class - MSDN


 * CommonAcl class - MSDN


 * CompoundAce class - MSDN


 * GenericAce class - MSDN


 * GenericAcl class - MSDN

AuditRule class - MSDN

MutexSecurity class, ObjectSecurity class, and SemaphoreSecurity class


 * MutexSecurity class - MSDN


 * ObjectSecurity class - MSDN


 * SemaphoreSecurity class - MSDN
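
An added example, not from the page, exercising DirectorySecurity, FileSecurity, FileSystemAccessRule, FileSystemAuditRule and AuthorizationRuleCollection together: it creates a directory whose DACL grants only the current user and SYSTEM (with inheritance from the parent cut off), tries to add a failure-audit entry, and then scans a file's ACL for the common misconfiguration of a write grant to Everyone or Authenticated Users. The directory under the temp folder is a location chosen for the example; RegistrySecurity and RegistryAccessRule follow the same pattern for registry keys.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example: build, apply and audit a least-privilege directory ACL.
class AclExample
{
    static DirectorySecurity BuildPrivateAcl(IdentityReference owner)
    {
        DirectorySecurity acl = new DirectorySecurity();
        // Protect the DACL: stop inheriting from the parent and do not copy the
        // inherited entries (which usually include BUILTIN\Users read access).
        acl.SetAccessRuleProtection(true, false);
        InheritanceFlags inherit = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        acl.AddAccessRule(new FileSystemAccessRule(owner, FileSystemRights.FullControl,
            inherit, PropagationFlags.None, AccessControlType.Allow));
        SecurityIdentifier system = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
        acl.AddAccessRule(new FileSystemAccessRule(system, FileSystemRights.FullControl,
            inherit, PropagationFlags.None, AccessControlType.Allow));
        return acl;
    }

    // Audit failed write attempts by anyone. Writing a SACL needs SeSecurityPrivilege
    // (an elevated administrator), and the entry only produces events once
    // "Audit object access" is enabled in local security policy.
    static bool TryAddFailureAudit(string dir)
    {
        try
        {
            DirectorySecurity audit = Directory.GetAccessControl(dir, AccessControlSections.Audit);
            audit.AddAuditRule(new FileSystemAuditRule(
                new SecurityIdentifier(WellKnownSidType.WorldSid, null),
                FileSystemRights.Write,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None, AuditFlags.Failure));
            Directory.SetAccessControl(dir, audit);
            return true;
        }
        catch (PrivilegeNotHeldException) { return false; }
        catch (UnauthorizedAccessException) { return false; }
    }

    // True if Everyone or Authenticated Users is allowed any write right, explicit or inherited.
    static bool HasOverBroadGrant(FileSystemSecurity security)
    {
        SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        SecurityIdentifier authUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
        FileSystemRights anyWrite = FileSystemRights.Write | FileSystemRights.Modify | FileSystemRights.FullControl;
        foreach (FileSystemAccessRule rule in security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType != AccessControlType.Allow) continue;
            bool broad = rule.IdentityReference.Equals(everyone) || rule.IdentityReference.Equals(authUsers);
            if (broad && (rule.FileSystemRights & anyWrite) != 0) return true;
        }
        return false;
    }

    static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), "acl-example");   // location chosen for the example
        if (Directory.Exists(dir)) Directory.Delete(dir, true);
        Directory.CreateDirectory(dir, BuildPrivateAcl(WindowsIdentity.GetCurrent().User));
        Console.WriteLine("audit entry added: " + TryAddFailureAudit(dir));

        // Read back the effective DACL, translating SIDs to DOMAIN\Name for display.
        DirectorySecurity applied = Directory.GetAccessControl(dir, AccessControlSections.Access);
        foreach (FileSystemAccessRule rule in applied.GetAccessRules(true, true, typeof(NTAccount)))
            Console.WriteLine("{0,-35} {1,-5} {2}", rule.IdentityReference.Value, rule.AccessControlType, rule.FileSystemRights);

        string file = Path.Combine(dir, "secrets.txt");
        File.WriteAllText(file, "constructed sample content");
        // The file inherits the private DACL, so the scan reports no over-broad grant.
        Console.WriteLine("over-broad grant on file: " + HasOverBroadGrant(File.GetAccessControl(file)));
    }
}
```

Asking GetAccessRules for SecurityIdentifier rather than NTAccount when comparing, as HasOverBroadGrant does, avoids a name lookup per entry and is independent of the display language of the machine.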

Implement custom authentication scheme
Exam objective: Implement a custom authentication scheme by using the System.Security.Authentication classes.

(See the System.Security.Authentication namespace - MSDN)

The namespace itself is small: the AuthenticationException and InvalidCredentialException exception types, plus enumerations that describe a negotiated connection (SslProtocols, CipherAlgorithmType, HashAlgorithmType, ExchangeAlgorithmType). The stream classes that actually perform authentication handshakes, SslStream and NegotiateStream, live in System.Net.Security and report failures with these exception types. For a reference on custom authentication schemes see MSDN.
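
An added example, not from the page, of what a custom password authentication scheme built on these namespaces looks like: passwords are stored as PBKDF2 hashes (Rfc2898DeriveBytes) with a random per-user salt and compared in constant time, a failed login raises the namespace's InvalidCredentialException with one message for both unknown users and wrong passwords, and a successful login yields a GenericPrincipal that is installed on the thread so PrincipalPermission checks work. The in-memory user store, the account "alice" and the role "Operators" are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Added example: a small custom authentication scheme with safe password storage.
class CustomAuthentication
{
    const int Iterations = 10000, SaltSize = 16, HashSize = 32;

    class Credential { public byte[] Salt; public byte[] Hash; public string[] Roles; }
    static readonly Dictionary<string, Credential> Store = new Dictionary<string, Credential>();  // constructed store
    static readonly byte[] DummySalt = new byte[SaltSize];

    // PBKDF2 (RFC 2898) stretches the password so offline guessing is slow.
    static byte[] Derive(string password, byte[] salt)
    {
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(HashSize);
    }

    // Compare every byte so timing does not reveal where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Register(string user, string password, params string[] roles)
    {
        Credential c = new Credential();
        c.Salt = new byte[SaltSize];
        RandomNumberGenerator.Create().GetBytes(c.Salt);   // CSPRNG salt, never System.Random
        c.Hash = Derive(password, c.Salt);
        c.Roles = roles;
        Store[user] = c;
    }

    // Returns a principal on success; throws on any failure.
    public static IPrincipal Authenticate(string user, string password)
    {
        Credential c;
        if (!Store.TryGetValue(user, out c))
        {
            Derive(password, DummySalt);   // keep timing the same as for a real user
            throw new InvalidCredentialException("Invalid user name or password.");
        }
        if (!FixedTimeEquals(Derive(password, c.Salt), c.Hash))
            throw new InvalidCredentialException("Invalid user name or password.");
        return new GenericPrincipal(new GenericIdentity(user, "CustomPbkdf2"), c.Roles);
    }

    // Imperative role check against Thread.CurrentPrincipal.
    static void RequireRole(string role)
    {
        new PrincipalPermission(null, role).Demand();
    }

    static void Main()
    {
        Register("alice", "correct horse battery staple", "Operators");
        try
        {
            Thread.CurrentPrincipal = Authenticate("alice", "correct horse battery staple");
            RequireRole("Operators");
            Console.WriteLine("alice authenticated; role check passed");
            Authenticate("alice", "wrong");   // throws InvalidCredentialException
        }
        catch (AuthenticationException e)     // the base type; InvalidCredentialException derives from it
        {
            Console.WriteLine("Rejected: " + e.Message);
        }
    }
}
```

The dummy derivation for unknown users and the single error message are there so that neither response time nor wording tells a caller whether an account exists.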

Encrypt, decrypt and hash data
Exam objective: Encrypt, decrypt, and hash data by using the System.Security.Cryptography classes.

(See the System.Security.Cryptography namespace)

DES class and DESCryptoServiceProvider class


 * DES class - MSDN


 * DESCryptoServiceProvider class - MSDN


 * Caveat: DES has a 56-bit key and has been brute-forced with purpose-built hardware since the late 1990s. It is listed for the exam and for legacy interoperability only; for new code use AES, which on .NET Framework 2.0 is RijndaelManaged with BlockSize = 128.

HashAlgorithm class - MSDN

DSA class and DSACryptoServiceProvider class


 * DSA class - MSDN


 * DSACryptoServiceProvider class - MSDN

SHA1 class and SHA1CryptoServiceProvider class


 * SHA1 class - MSDN


 * SHA1CryptoServiceProvider class - MSDN


 * Caveat: SHA-1 collisions are practical, so do not use it where collision resistance matters (digital signatures, certificate fingerprints, deduplication by hash); prefer SHA256 or larger. HMACSHA1 does not rely on collision resistance and is not broken by these attacks, but new code should still use HMACSHA256.

TripleDES and TripleDESCryptoServiceProvider class


 * TripleDES - MSDN


 * TripleDESCryptoServiceProvider class - MSDN

MD5 class and MD5CryptoServiceProvider class


 * MD5 class - MSDN


 * MD5CryptoServiceProvider class - MSDN


 * Caveat: MD5 is cryptographically broken; collisions can be produced in seconds on commodity hardware. Use it only for non-security checksums or legacy interoperability, never for signatures, password storage or integrity checks.

RSA class and RSACryptoServiceProvider class


 * RSA class - MSDN


 * RSACryptoServiceProvider class - MSDN

RandomNumberGenerator class - MSDN

CryptoStream class - MSDN

CryptoConfig class - MSDN

RC2 class and RC2CryptoServiceProvider class


 * RC2 class - MSDN


 * RC2CryptoServiceProvider class - MSDN


 * Caveat: RC2 is a 64-bit-block cipher from the export-control era; it is present for compatibility with old data formats only and should not be chosen for new code.

AsymmetricAlgorithm class - MSDN

ProtectedData class and ProtectedMemory class


 * ProtectedData class - MSDN


 * ProtectedMemory class - MSDN

RijndaelManaged class and RijndaelManagedTransform class


 * RijndaelManaged class - MSDN


 * RijndaelManagedTransform class - MSDN


 * RijndaelManaged with BlockSize = 128 is AES (Rijndael also allows 192- and 256-bit blocks, which AES does not). It is the symmetric cipher to use for new code on .NET Framework 2.0.

CspParameters class - MSDN

CryptoAPITransform class - MSDN

Hash-based Message Authentication Code (HMAC) - MSDN. An HMAC keyed with a secret gives integrity and authenticity; a bare hash gives neither, because anyone who can change the data can recompute the hash. Verify tags with a constant-time comparison.


 * HMACMD5 class - MSDN


 * HMACRIPEMD160 class - MSDN


 * HMACSHA1 class - MSDN


 * HMACSHA256 class - MSDN


 * HMACSHA384 class - MSDN


 * HMACSHA512 class - MSDN
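
An added example, not from the page, that combines RijndaelManaged, CryptoStream, RandomNumberGenerator and HMACSHA256 into authenticated encryption: the message is encrypted with AES in CBC mode under a fresh random IV, an HMAC-SHA256 tag over IV||ciphertext is appended (encrypt-then-MAC), and on decryption the tag is verified in constant time before any ciphertext is touched, so a tampered or padding-oracle probe message is rejected without ever running the cipher. Both keys are generated at random for the run and the message is constructed; a real application would keep keys in a key container or protect them with ProtectedData.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example: AES-CBC + HMAC-SHA256, encrypt-then-MAC, on .NET Framework 2.0.
static class AuthenticatedAes
{
    const int IvSize = 16, TagSize = 32, BlockSize = 16;

    public static byte[] RandomBytes(int n)
    {
        byte[] b = new byte[n];
        RandomNumberGenerator.Create().GetBytes(b);   // CSPRNG, not System.Random
        return b;
    }

    // RijndaelManaged with a 128-bit block is AES; key length selects AES-128/192/256.
    static RijndaelManaged Aes(byte[] key, byte[] iv)
    {
        RijndaelManaged aes = new RijndaelManaged();
        aes.BlockSize = 128;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        aes.IV = iv;
        return aes;
    }

    // Output layout: IV (16) || ciphertext || HMAC-SHA256(IV || ciphertext) (32)
    public static byte[] Encrypt(byte[] encKey, byte[] macKey, byte[] plaintext)
    {
        byte[] iv = RandomBytes(IvSize);   // never reuse an IV with the same key
        byte[] ciphertext;
        using (RijndaelManaged aes = Aes(encKey, iv))
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
                cs.Write(plaintext, 0, plaintext.Length);   // disposing flushes the final padded block
            ciphertext = ms.ToArray();
        }
        byte[] output = new byte[IvSize + ciphertext.Length + TagSize];
        Buffer.BlockCopy(iv, 0, output, 0, IvSize);
        Buffer.BlockCopy(ciphertext, 0, output, IvSize, ciphertext.Length);
        using (HMACSHA256 mac = new HMACSHA256(macKey))
        {
            byte[] tag = mac.ComputeHash(output, 0, IvSize + ciphertext.Length);
            Buffer.BlockCopy(tag, 0, output, IvSize + ciphertext.Length, TagSize);
        }
        return output;
    }

    public static byte[] Decrypt(byte[] encKey, byte[] macKey, byte[] blob)
    {
        int bodyLen = blob.Length - TagSize;   // IV + ciphertext
        int ctLen = bodyLen - IvSize;
        if (ctLen < BlockSize || ctLen % BlockSize != 0)
            throw new CryptographicException("Malformed message.");
        using (HMACSHA256 mac = new HMACSHA256(macKey))
        {
            byte[] expected = mac.ComputeHash(blob, 0, bodyLen);
            if (!FixedTimeEquals(expected, blob, bodyLen))
                throw new CryptographicException("MAC check failed.");   // reject before decrypting
        }
        byte[] iv = new byte[IvSize];
        Buffer.BlockCopy(blob, 0, iv, 0, IvSize);
        using (RijndaelManaged aes = Aes(encKey, iv))
        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
                cs.Write(blob, IvSize, ctLen);
            return ms.ToArray();
        }
    }

    // Compare the tag against blob[offset..] without an early exit on the first mismatch.
    static bool FixedTimeEquals(byte[] tag, byte[] blob, int offset)
    {
        int diff = 0;
        for (int i = 0; i < tag.Length; i++) diff |= tag[i] ^ blob[offset + i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] encKey = RandomBytes(32), macKey = RandomBytes(32);   // one key per purpose
        byte[] blob = Encrypt(encKey, macKey, Encoding.UTF8.GetBytes("constructed sample message"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(encKey, macKey, blob)));
        blob[IvSize] ^= 0x01;   // flip one ciphertext bit: the MAC check must reject it
        try { Decrypt(encKey, macKey, blob); }
        catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

Using separate keys for encryption and authentication, and checking the tag before decrypting, is what keeps the PKCS7 padding error in CryptoStream from becoming an oracle an attacker can query.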

Control permissions
Exam objective: Control permissions for resources by using the System.Security.Permission classes.

(See the System.Security.Permissions namespace; the objective's "System.Security.Permission" is a misspelling of it)

SecurityPermission class - MSDN

PrincipalPermission class - MSDN

FileIOPermission class - MSDN
 * FileIOPermission can also be applied declaratively, as FileIOPermissionAttribute, at the assembly, class or member level. At assembly level only the three Request* values of the SecurityAction enumeration are legal:
 * SecurityAction.RequestMinimum: the permissions the assembly needs in order to run. If policy does not grant all of them, the assembly fails to load.
 * SecurityAction.RequestOptional: permissions the assembly can use but does not require. Listing any optional permission implicitly refuses every permission not named under RequestMinimum or RequestOptional.
 * SecurityAction.RequestRefuse: permissions the assembly must never hold, even if policy would grant them.
 * On classes and members the applicable actions are Demand, LinkDemand, InheritanceDemand, Assert, Deny and PermitOnly.
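
An added example, not from the page, showing the same permission classes applied declaratively: assembly-level RequestMinimum and RequestRefuse, a FileIOPermission Demand on a method, a PrincipalPermission role demand, and a LinkDemand with its caveat. It is written for .NET Framework 2.0 to 3.5, where the loader evaluates the Request* attributes; the log and config paths are placeholders.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;

// Added example: declarative security attributes.

// Minimum: the loader refuses the assembly unless policy grants at least this.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
[assembly: FileIOPermission(SecurityAction.RequestMinimum, Read = @"C:\app\config")]
// Refuse: never hold this, even if policy would grant it (least privilege).
[assembly: RegistryPermission(SecurityAction.RequestRefuse, Unrestricted = true)]
// RequestOptional is deliberately absent: naming even one optional permission
// implicitly refuses everything not listed under RequestMinimum or
// RequestOptional, so those two lists would then have to be complete.

class DeclarativeCas
{
    // Demand: every caller on the stack must hold append access to the log
    // directory (File.AppendAllText opens the file in append mode).
    [FileIOPermission(SecurityAction.Demand, Append = @"C:\app\logs")]
    public static void AppendLog(string line)
    {
        File.AppendAllText(@"C:\app\logs\app.log", line + Environment.NewLine);
    }

    // PrincipalPermission is the one declarative check that tests the user
    // (via Thread.CurrentPrincipal) rather than the code. The group is looked
    // up by name; for a language-neutral check use
    // WindowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator) imperatively.
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
    public static void RotateKeys()
    {
        Console.WriteLine("privileged operation permitted");
    }

    // LinkDemand is checked once, against the immediate caller, when that caller
    // is JIT-compiled. It is cheap, but a trusted intermediate can be used to
    // reach the method, so prefer Demand for anything security-critical.
    [SecurityPermission(SecurityAction.LinkDemand, UnmanagedCode = true)]
    public static void CallIntoNativeCode()
    {
        Console.WriteLine("caller holds UnmanagedCode");
    }

    static void Main()
    {
        // Must run before Thread.CurrentPrincipal is first read on this thread;
        // otherwise an unauthenticated GenericPrincipal has already been cached.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        try { AppendLog("started"); Console.WriteLine("log written"); }
        catch (SecurityException e) { Console.WriteLine("FileIOPermission demand failed: " + e.Message); }
        catch (IOException e) { Console.WriteLine("log directory missing: " + e.Message); }

        try { RotateKeys(); }
        catch (SecurityException) { Console.WriteLine("current user is not in BUILTIN\\Administrators"); }

        CallIntoNativeCode();
    }
}
```

A quick way to see RequestRefuse take effect is to add a Registry.CurrentUser read anywhere in Main: the assembly still loads, but that call throws SecurityException even though the machine policy grants RegistryPermission to local code.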

StrongNameIdentityPermission class - MSDN

UIPermission class - MSDN

UrlIdentityPermission class - MSDN

PublisherIdentityPermission class - MSDN

GacIdentityPermission class - MSDN

FileDialogPermission class - MSDN

DataProtectionPermission class - MSDN

EnvironmentPermission class - MSDN

IUnrestrictedPermission interface - MSDN

RegistryPermission class - MSDN

IsolatedStorageFilePermission class - MSDN

KeyContainerPermission class - MSDN

ReflectionPermission class - MSDN

StorePermission class - MSDN

SiteIdentityPermission class - MSDN

ZoneIdentityPermission class - MSDN

Control code privileges
Exam objective: Control code privileges by using System.Security.Policy classes.

(See the System.Security.Policy namespace)

ApplicationSecurityInfo class and ApplicationSecurityManager class


 * ApplicationSecurityInfo class - MSDN


 * ApplicationSecurityManager class - MSDN

ApplicationTrust class and ApplicationTrustCollection class


 * ApplicationTrust class - MSDN


 * ApplicationTrustCollection class - MSDN

Evidence class and PermissionRequestEvidence class


 * Evidence class - MSDN


 * PermissionRequestEvidence class - MSDN

CodeGroup class, FileCodeGroup class, FirstMatchCodeGroup class, NetCodeGroup class, and UnionCodeGroup class


 * CodeGroup class - MSDN


 * FileCodeGroup class - MSDN


 * FirstMatchCodeGroup class - MSDN


 * NetCodeGroup class - MSDN


 * UnionCodeGroup class - MSDN

Condition classes


 * AllMembershipCondition class - MSDN


 * ApplicationDirectory class and ApplicationDirectoryMembershipCondition class


 * ApplicationDirectory class - MSDN


 * ApplicationDirectoryMembershipCondition class - MSDN


 * GacInstalled class and GacMembershipCondition class


 * GacInstalled class - MSDN


 * The objective's "GacMembership" does not name a real class. The evidence type that marks an assembly as loaded from the global assembly cache is GacInstalled, and GacMembershipCondition is the membership condition that tests for it.


 * GacMembershipCondition class - MSDN


 * Hash class and HashMembershipCondition class


 * Hash class - MSDN


 * HashMembershipCondition class - MSDN


 * Publisher class and PublisherMembershipCondition class


 * Publisher class - MSDN


 * PublisherMembershipCondition class - MSDN


 * Site class and SiteMembershipCondition class


 * Site class - MSDN


 * SiteMembershipCondition class - MSDN


 * StrongName class and StrongNameMembershipCondition class


 * StrongName class - MSDN


 * StrongNameMembershipCondition class - MSDN


 * Url class and UrlMembershipCondition class


 * Url class - MSDN


 * UrlMembershipCondition class - MSDN


 * Zone class and ZoneMembershipCondition class


 * Zone class - MSDN


 * ZoneMembershipCondition class - MSDN

PolicyLevel class and PolicyStatement class


 * PolicyLevel class - MSDN


 * PolicyStatement class - MSDN

IApplicationTrustManager interface, IMembershipCondition interface, and IIdentityPermissionFactory interface


 * IApplicationTrustManager interface - MSDN


 * IMembershipCondition interface - MSDN


 * IIdentityPermissionFactory interface - MSDN
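
An added example, not from the page, that ties together PolicyLevel, PolicyStatement, UnionCodeGroup, AllMembershipCondition and ZoneMembershipCondition: it builds an application-domain policy level whose root grants execute-only and whose one child grants read access to a single directory to local-machine code, installs it on a new AppDomain, and probes what code in that domain can do. It assumes .NET Framework 2.0 to 3.5 (4.0 and later ignore policy levels) and a placeholder directory C:\app\data, which the permission refers to whether or not it exists.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example: an application-domain policy level built from System.Security.Policy classes.
public class PolicySandbox
{
    const string DataDir = @"C:\app\data";   // placeholder

    static PolicyLevel BuildLevel()
    {
        PolicyLevel level = PolicyLevel.CreateAppDomainLevel();

        // Root group: matches all code and grants only the right to execute.
        PermissionSet executeOnly = new PermissionSet(PermissionState.None);
        executeOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        UnionCodeGroup root = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(executeOnly));
        root.Name = "Sandbox root";

        // Child group: code whose Zone evidence is MyComputer may also read DataDir.
        // A UnionCodeGroup grants its own set plus the sets of matching children.
        PermissionSet readData = new PermissionSet(PermissionState.None);
        readData.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, DataDir));
        UnionCodeGroup local = new UnionCodeGroup(
            new ZoneMembershipCondition(SecurityZone.MyComputer), new PolicyStatement(readData));
        local.Name = "Local code may read data";
        root.AddChild(local);

        level.RootCodeGroup = root;
        return level;
    }

    // Lives in the sandboxed domain; called through a cross-domain proxy.
    public class Probe : MarshalByRefObject
    {
        public bool CanRead(string path)
        {
            try
            {
                new FileIOPermission(FileIOPermissionAccess.Read, path).Demand();
                return true;
            }
            catch (SecurityException)
            {
                return false;
            }
        }
    }

    static void Main()
    {
        AppDomain sandbox = AppDomain.CreateDomain("sandbox");
        // The level must be installed before any user assembly loads into the domain.
        // Because levels intersect, this level can only narrow what machine policy grants.
        sandbox.SetAppDomainPolicy(BuildLevel());

        Probe probe = (Probe)sandbox.CreateInstanceAndUnwrap(
            typeof(Probe).Assembly.FullName, typeof(Probe).FullName);
        Console.WriteLine("read " + DataDir + ": " + probe.CanRead(DataDir));                       // True
        Console.WriteLine("read " + Environment.SystemDirectory + ": " + probe.CanRead(Environment.SystemDirectory)); // False

        AppDomain.Unload(sandbox);
    }
}
```

Swapping the child group's condition for a StrongNameMembershipCondition or HashMembershipCondition restricts the extra grant to a specific signed or specific binary assembly, which is the usual way to let one trusted plug-in do more than the rest of the sandboxed code.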

Access and modify identity information
Exam objective: Access and modify identity information by using the System.Security.Principal classes.

(See the System.Security.Principal namespace)

GenericIdentity class and GenericPrincipal class


 * GenericIdentity class - MSDN


 * GenericPrincipal class - MSDN

WindowsIdentity class and WindowsPrincipal class


 * WindowsIdentity class - MSDN


 * WindowsPrincipal class - MSDN

NTAccount class and SecurityIdentifier class


 * NTAccount class - MSDN


 * SecurityIdentifier class - MSDN

IIdentity interface and IPrincipal interface


 * IIdentity interface - MSDN


 * IPrincipal interface - MSDN

WindowsImpersonationContext class - MSDN

IdentityReference class and IdentityReferenceCollection class


 * IdentityReference class - MSDN


 * IdentityReferenceCollection class - MSDN
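
An added example, not from the page, that reads the current WindowsIdentity, walks its IdentityReferenceCollection of group SIDs, translates between SecurityIdentifier and NTAccount in both directions, tests group membership by well-known SID rather than by localized name, and impersonates a token inside a bounded scope using WindowsImpersonationContext. It assumes a Windows machine; "BUILTIN\Administrators" is the English name and is translated to its SID for the comparison.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example: identity inspection, SID/name translation and scoped impersonation.
class IdentityExample
{
    // Membership by SID: correct on any language version of Windows.
    static bool IsLocalAdministrator(WindowsIdentity identity)
    {
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static string SidToName(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return "(unmapped SID)"; }   // e.g. a deleted account
    }

    static void PrintIdentity(WindowsIdentity id)
    {
        Console.WriteLine("Name:      " + id.Name);                 // DOMAIN\user
        Console.WriteLine("User SID:  " + id.User.Value);           // S-1-5-21-...
        Console.WriteLine("Auth type: " + id.AuthenticationType);   // NTLM, Kerberos, ...
        Console.WriteLine("Groups:");
        foreach (IdentityReference group in id.Groups)   // IdentityReferenceCollection of SIDs
            Console.WriteLine("  " + group.Value + "  " + SidToName(group));
    }

    static void Main()
    {
        WindowsIdentity me = WindowsIdentity.GetCurrent();
        PrintIdentity(me);
        Console.WriteLine("Local administrator: " + IsLocalAdministrator(me));

        // Well-known SIDs are machine-independent constants; names are not.
        SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        Console.WriteLine("S-1-1-0 displays as: " + SidToName(everyone));
        SecurityIdentifier builtinAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        IdentityReference byName = new NTAccount(@"BUILTIN\Administrators").Translate(typeof(SecurityIdentifier));
        Console.WriteLine("Name round-trips to S-1-5-32-544: " + builtinAdmins.Equals(byName));

        // Impersonation swaps the thread token. The context must always be undone,
        // so keep it in a using block: Dispose calls Undo even when an exception
        // is thrown. Impersonating our own token is a no-op that only shows the
        // scope; a real token comes from LogonUser or an authenticated server channel.
        using (me.Impersonate())
        {
            Console.WriteLine("Thread now runs as: " + WindowsIdentity.GetCurrent().Name);
        }

        // Make Thread.CurrentPrincipal (and therefore PrincipalPermission) reflect the Windows token.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        Console.WriteLine("CurrentPrincipal is WindowsPrincipal: " + (Thread.CurrentPrincipal is WindowsPrincipal));
    }
}
```

The IsInRole(WindowsBuiltInRole) overload is the one to use in production code; IsInRole("Administrators") works only where that string matches the local group name.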
