NGWS SDK Documentation  

This is preliminary documentation and subject to change.

Code Access Security

Today's highly connected computer systems are frequently exposed to mobile code, which can come from any source and be embedded and used in a multitude of environments. Mobile, executable code can be attached to e-mail, it can be contained in documents, and it can be downloaded over the Internet. Unfortunately, many computer users have experienced firsthand the damaging effects of malicious mobile code, such as viruses or worms, which can damage or destroy data and cost time and money.

Typically, users and administrators try to protect code and data from malicious mobile code by increasing the frequency of data backups, using and updating anti-virus software, and putting firewalls in place. Yet, despite these precautions, malicious code still sometimes manages to successfully damage, destroy, or copy private data.

Other security mechanisms are being used, such as security systems that give rights to users based on their login credentials (usually a password) and restrict what resources (often directories and files) the user is allowed to access. However, several issues are not addressed by this approach: users obtain code from many sources, some of which might be unreliable; code can contain bugs or vulnerabilities that enable it to be exploited by malicious code; and code sometimes does things that the user doesn't know it will do. So, unfortunately, computer systems can be damaged and private data can be leaked when cautious and trustworthy users run malicious or buggy software. When using operating system security mechanisms, essentially every piece of code must be trusted completely if it is allowed to run, except perhaps for script on a web page. Therefore, there is still a need for a widely applicable security mechanism that allows code originating on one computer system to execute safely on another system, even when there is no trust relationship between the systems.

To help protect computer systems from malicious mobile code and to provide a way to allow mobile code to run safely, the NGWS runtime provides a security mechanism called code access security. Code access security allows code to be trusted to varying degrees, depending on where the code comes from and on other aspects of the code's identity. Because code access security also enforces these varying levels of trust on code, the amount of code that must be fully trusted in order to run is minimized. Using code access security can reduce the likelihood that your code can be misused by malicious code, and it can reduce your liability because you can specify the set of operations your code should be allowed to perform as well as the operations your code should never be allowed to perform.