[Mono-devel-list] Code Access Security - Initial thoughts

Ben benjaminwootton at hotpop.com
Thu Dec 18 11:37:28 EST 2003


Here are my very early thoughts on how code access security would be 
implemented.

1.  Start off by specifying permission request/denials declaratively (as 
attributes) at the assembly level.
2.  The assembly metadata is checked at load time.  Requests for certain 
permissions, such as LinkDemand, will be made here.
3.  When other demands are made, the we call into the runtime and asks for 
permissions for each item on the call stack.  Initially, all requests are 
accepted.  It's then a matter of discussing how to distinguish code based 
on evidence, administrator defined code groups etc.  This logic can then be 
reponsible for throwing any exceptions on faliures.
4.  Add the concept of assertions to the stack walking code, for efficiency.

Any comments, or pointers to relevant code?  I'm still getting to grips 
with the mono code....

Thanks
Ben





More information about the Mono-devel-list mailing list