MSDN Magazine - October 2008 - (Page 20)

Figure 3 Comparing Transparent, SafeCritical, and Critical Code Transparent Access Restrictions Cannot directly call Critical code. SafeCritical Can do everything that Critical code can. Must make sure to perform the applicable checks before and after calling into Critical code. Critical Is privileged and able to call any code. Equivalent of full trust only. Can never be called directly by Transparent code, but may be exposed via SafeCritical code. May contain unsafe or unverifiable code. Only available to Silverlight platform assemblies. Types can derive from all types regardless of annotations. Methods must derive from Critical virtual/interface methods. Unsafe Code Availability to Application or Platform Code Type Inheritance Characteristics Method Override Characteristics Cannot contain unsafe or unverifiable code. Present in both application and platform code. Types must derive from other Transparent types. Methods must override Transparent or SafeCritical virtual/interface methods. May contain unsafe or unverifiable code. Only available to Silverlight platform assemblies. Types must derive from Transparent or SafeCritical types. Methods must derive from Transparent or SafeCritical virtual/interface methods. To summarize the Silverlight Transparency model, remember that all code is Transparent by default. All Silverlight applications are completely Transparent. All markings indicating otherwise are ignored. In addition, a fixed permission set means Transparency is the only enforcement mechanism needed for CoreCLR. Figure 3 summarizes the three types of code and their abilities and traits. Exposure to Silverlight Transparency Much of the benefit of the Silverlight Transparency model manifested itself in the simplicity of security enforcement in the Silverlight platform. Since Silverlight is a closed platform, there is currently no notion of trusted third-party libraries. Therefore, a developer’s interaction with the Silverlight Transparency model is limited to the APIs he is allowed to call—those that are Transparent or SafeCritical—as his applications are completely Transparent. On the .NET Framework, however, the platform is not closed, and so it is possible to develop additional libraries that could benefit from simpler security enforcement. However, developers may see these benefits in the next major release of the desktop framework. The Transparency model we introduced in .NET Framework 2.0 made the tasks of analyzing and judging the security of APTCA libraries much simpler; the Silverlight Transparency model took that another step up, allowing us to make assumptions and guarantees that previously had to be confirmed through painstaking review. In the future, we plan to introduce the tightened rules around Transparent code, the SafeCritical attribute, and the Transparency inheritance rules to the full .NET Framework. We also plan to make them available to external developers as well. One major difference between the desktop framework and Silverlight is that most applications on the desktop framework are built for full-trust environments, while all Silverlight applications are built for a partial-trust environment. Most desktop applications can do anything they want and would continue to be able to do so—they won’t have to think about Transparency at all. Implementationwise, these applications will be considered Critical. 20 msdn magazine APTCA library developers will experience many of the benefits of our Silverlight platform assemblies. The auditable surface area of an APTCA library is now focused on the SafeCritical layer, as the Critical layer is not accessible from partially trusted, Transparent code. Furthermore, the introduction of the inheritance rules ensures that the library overrides and derivatives aren’t unintentionally exposing any security holes. (Just keep in mind that, due to the fact that there’s a variety of possible sandboxes on the desktop framework, APTCA libraries will have to handle individual permissions. Therefore, SafeCritical APIs may have to perform permission demands as well as other input validation checks.) The stricter Transparent code rules also mean that partially trusted applications will be safer and more performant than before. In the .NET Framework 2.0 Transparency model, Transparent code that called or contained unsafe or unverifiable code faced injected demands for UnmanagedCodePermission and the expensive stack walk that resulted when the unsafe/unverifiable code was called. This typically results in a failure, as most sandboxes do not contain this permission in their permission grant sets. In the new Transparency model, these will be hard failures—as in the CoreCLR, there would be no injected demand and, therefore, no stack walk. By bringing the new Transparency model to the next version of the desktop framework, we hope to make it easier to develop APTCA libraries as well as improve the experience around developing partially trusted applications.  Andrew dAi is a Program Manager for the CLR at Microsoft. He works on security for Silverlight and the desktop framework. CLr Inside Out Table of Contents for the Digital Edition of MSDN Magazine - October 2008MSDN Magazine - October 2008ContentsToolboxCLR Inside OutBasic InstinctsCutting EdgePatterns In PracticeService StationParadigm ShiftCoding ToolsConcurrency HazardsAsp.net AJAX 4.0Easy AsyncFoundationsWindows With C++Going Places.NET Matters{ End Bracket }MSDN Magazine - October 2008MSDN Magazine - October 2008 - (Page Intro)MSDN Magazine - October 2008 - Contents (Page Cover1)MSDN Magazine - October 2008 - Contents (Page Cover2)MSDN Magazine - October 2008 - Contents (Page 1)MSDN Magazine - October 2008 - Contents (Page 2)MSDN Magazine - October 2008 - Contents (Page 3)MSDN Magazine - October 2008 - Contents (Page 4)MSDN Magazine - October 2008 - Contents (Page 5)MSDN Magazine - October 2008 - Contents (Page 6)MSDN Magazine - October 2008 - Contents (Page 7)MSDN Magazine - October 2008 - Contents (Page 8)MSDN Magazine - October 2008 - Contents (Page 9)MSDN Magazine - October 2008 - Contents (Page 10)MSDN Magazine - October 2008 - Toolbox (Page 11)MSDN Magazine - October 2008 - Toolbox (Page 12)MSDN Magazine - October 2008 - Toolbox (Page 13)MSDN Magazine - October 2008 - Toolbox (Page 14)MSDN Magazine - October 2008 - Toolbox (Page 15)MSDN Magazine - October 2008 - Toolbox (Page 16)MSDN Magazine - October 2008 - CLR Inside Out (Page 17)MSDN Magazine - October 2008 - CLR Inside Out (Page 18)MSDN Magazine - October 2008 - CLR Inside Out (Page 19)MSDN Magazine - October 2008 - CLR Inside Out (Page 20)MSDN Magazine - October 2008 - CLR Inside Out (Page 21)MSDN Magazine - October 2008 - CLR Inside Out (Page 22)MSDN Magazine - October 2008 - Basic Instincts (Page 23)MSDN Magazine - October 2008 - Basic Instincts (Page 24)MSDN Magazine - October 2008 - Basic Instincts (Page 25)MSDN Magazine - October 2008 - Basic Instincts (Page 26)MSDN Magazine - October 2008 - Basic Instincts (Page 27)MSDN Magazine - October 2008 - Basic Instincts (Page 28)MSDN Magazine - October 2008 - Basic Instincts (Page 29)MSDN Magazine - October 2008 - Basic Instincts (Page 30)MSDN Magazine - October 2008 - Basic Instincts (Page 31)MSDN Magazine - October 2008 - Basic Instincts (Page 32)MSDN Magazine - October 2008 - Cutting Edge (Page 33)MSDN Magazine - October 2008 - Cutting Edge (Page 34)MSDN Magazine - October 2008 - Cutting Edge (Page 35)MSDN Magazine - October 2008 - Cutting Edge (Page 36)MSDN Magazine - October 2008 - Cutting Edge (Page 37)MSDN Magazine - October 2008 - Cutting Edge (Page 38)MSDN Magazine - October 2008 - Cutting Edge (Page 39)MSDN Magazine - October 2008 - Cutting Edge (Page 40)MSDN Magazine - October 2008 - Cutting Edge (Page 41)MSDN Magazine - October 2008 - Cutting Edge (Page 42)MSDN Magazine - October 2008 - Patterns In Practice (Page 43)MSDN Magazine - October 2008 - Patterns In Practice (Page 44)MSDN Magazine - October 2008 - Patterns In Practice (Page 45)MSDN Magazine - October 2008 - Patterns In Practice (Page 46)MSDN Magazine - October 2008 - Patterns In Practice (Page 47)MSDN Magazine - October 2008 - Patterns In Practice (Page 48)MSDN Magazine - October 2008 - Patterns In Practice (Page 49)MSDN Magazine - October 2008 - Patterns In Practice (Page 50)MSDN Magazine - October 2008 - Patterns In Practice (Page 51)MSDN Magazine - October 2008 - Patterns In Practice (Page 52)MSDN Magazine - October 2008 - Patterns In Practice (Page 53)MSDN Magazine - October 2008 - Patterns In Practice (Page 54)MSDN Magazine - October 2008 - Patterns In Practice (Page 55)MSDN Magazine - October 2008 - Patterns In Practice (Page 56)MSDN Magazine - October 2008 - Patterns In Practice (Page 57)MSDN Magazine - October 2008 - Patterns In Practice (Page 58)MSDN Magazine - October 2008 - Patterns In Practice (Page 59)MSDN Magazine - October 2008 - Patterns In Practice (Page 60)MSDN Magazine - October 2008 - Patterns In Practice (Page 61)MSDN Magazine - October 2008 - Patterns In Practice (Page 62)MSDN Magazine - October 2008 - Patterns In Practice (Page 63)MSDN Magazine - October 2008 - Patterns In Practice (Page 64)MSDN Magazine - October 2008 - Service Station (Page 65)MSDN Magazine - October 2008 - Service Station (Page 66)MSDN Magazine - October 2008 - Service Station (Page 67)MSDN Magazine - October 2008 - Service Station (Page 68)MSDN Magazine - October 2008 - Service Station (Page 69)MSDN Magazine - October 2008 - Service Station (Page 70)MSDN Magazine - October 2008 - Service Station (Page 71)MSDN Magazine - October 2008 - Service Station (Page 72)MSDN Magazine - October 2008 - Service Station (Page 73)MSDN Magazine - October 2008 - Paradigm Shift (Page 74)MSDN Magazine - October 2008 - Paradigm Shift (Page 75)MSDN Magazine - October 2008 - Paradigm Shift (Page 76)MSDN Magazine - October 2008 - Paradigm Shift (Page 77)MSDN Magazine - October 2008 - Paradigm Shift (Page 78)MSDN Magazine - October 2008 - Paradigm Shift (Page 79)MSDN Magazine - October 2008 - Paradigm Shift (Page 80)MSDN Magazine - October 2008 - Paradigm Shift (Page 81)MSDN Magazine - October 2008 - Paradigm Shift (Page 82)MSDN Magazine - October 2008 - Paradigm Shift (Page 83)MSDN Magazine - October 2008 - Paradigm Shift (Page 84)MSDN Magazine - October 2008 - Paradigm Shift (Page 85)MSDN Magazine - October 2008 - Coding Tools (Page 86)MSDN Magazine - October 2008 - Coding Tools (Page 87)MSDN Magazine - October 2008 - Coding Tools (Page 88)MSDN Magazine - October 2008 - Coding Tools (Page 89)MSDN Magazine - October 2008 - Coding Tools (Page 90)MSDN Magazine - October 2008 - Coding Tools (Page 91)MSDN Magazine - October 2008 - Coding Tools (Page 92)MSDN Magazine - October 2008 - Coding Tools (Page 93)MSDN Magazine - October 2008 - Coding Tools (Page 94)MSDN Magazine - October 2008 - Coding Tools (Page 95)MSDN Magazine - October 2008 - Coding Tools (Page 96)MSDN Magazine - October 2008 - Coding Tools (Page 97)MSDN Magazine - October 2008 - Coding Tools (Page 98)MSDN Magazine - October 2008 - Coding Tools (Page 99)MSDN Magazine - October 2008 - Coding Tools (Page 100)MSDN Magazine - October 2008 - Coding Tools (Page 101)MSDN Magazine - October 2008 - Coding Tools (Page 102)MSDN Magazine - October 2008 - Coding Tools (Page 103)MSDN Magazine - October 2008 - Concurrency Hazards (Page 104)MSDN Magazine - October 2008 - Concurrency Hazards (Page 105)MSDN Magazine - October 2008 - Concurrency Hazards (Page 106)MSDN Magazine - October 2008 - Concurrency Hazards (Page 107)MSDN Magazine - October 2008 - Concurrency Hazards (Page 108)MSDN Magazine - October 2008 - Concurrency Hazards (Page 109)MSDN Magazine - October 2008 - Concurrency Hazards (Page 110)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 111)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 112)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 113)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 114)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 115)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 116)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 117)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 118)MSDN Magazine - October 2008 - Easy Async (Page 119)MSDN Magazine - October 2008 - Easy Async (Page 120)MSDN Magazine - October 2008 - Easy Async (Page 121)MSDN Magazine - October 2008 - Easy Async (Page 122)MSDN Magazine - October 2008 - Easy Async (Page 123)MSDN Magazine - October 2008 - Easy Async (Page 124)MSDN Magazine - October 2008 - Easy Async (Page 125)MSDN Magazine - October 2008 - Easy Async (Page 126)MSDN Magazine - October 2008 - Easy Async (Page 127)MSDN Magazine - October 2008 - Easy Async (Page 128)MSDN Magazine - October 2008 - Foundations (Page 129)MSDN Magazine - October 2008 - Foundations (Page 130)MSDN Magazine - October 2008 - Foundations (Page 131)MSDN Magazine - October 2008 - Foundations (Page 132)MSDN Magazine - October 2008 - Foundations (Page 133)MSDN Magazine - October 2008 - Foundations (Page 134)MSDN Magazine - October 2008 - Foundations (Page 135)MSDN Magazine - October 2008 - Foundations (Page 136)MSDN Magazine - October 2008 - Foundations (Page 137)MSDN Magazine - October 2008 - Foundations (Page 138)MSDN Magazine - October 2008 - Windows With C++ (Page 139)MSDN Magazine - October 2008 - Windows With C++ (Page 140)MSDN Magazine - October 2008 - Windows With C++ (Page 141)MSDN Magazine - October 2008 - Windows With C++ (Page 142)MSDN Magazine - October 2008 - Windows With C++ (Page 143)MSDN Magazine - October 2008 - Windows With C++ (Page 144)MSDN Magazine - October 2008 - Going Places (Page 145)MSDN Magazine - October 2008 - Going Places (Page 146)MSDN Magazine - October 2008 - Going Places (Page 147)MSDN Magazine - October 2008 - Going Places (Page 148)MSDN Magazine - October 2008 - Going Places (Page 149)MSDN Magazine - October 2008 - Going Places (Page 150)MSDN Magazine - October 2008 - Going Places (Page 151)MSDN Magazine - October 2008 - Going Places (Page 152)MSDN Magazine - October 2008 - .NET Matters (Page 153)MSDN Magazine - October 2008 - .NET Matters (Page 154)MSDN Magazine - October 2008 - .NET Matters (Page 155)MSDN Magazine - October 2008 - .NET Matters (Page 156)MSDN Magazine - October 2008 - .NET Matters (Page 157)MSDN Magazine - October 2008 - .NET Matters (Page 158)MSDN Magazine - October 2008 - .NET Matters (Page 159)MSDN Magazine - October 2008 - { End Bracket } (Page 160)MSDN Magazine - October 2008 - { End Bracket } (Page Cover3)MSDN Magazine - October 2008 - { End Bracket } (Page Cover4)http://www.nxtbook.com/nxtbooks/cmp/msdnmag1109http://www.nxtbook.com/nxtbooks/cmp/msdnmag1009http://www.nxtbook.com/nxtbooks/cmp/msdnmag0909http://www.nxtbook.com/nxtbooks/cmp/msdnmag0809http://www.nxtbook.com/nxtbooks/cmp/msdnmag0709http://www.nxtbook.com/nxtbooks/cmp/msdnmag0609http://www.nxtbook.com/nxtbooks/cmp/msdnmag0509http://www.nxtbook.com/nxtbooks/cmp/msdnmag0409http://www.nxtbook.com/nxtbooks/cmp/msdnmag0309http://www.nxtbook.com/nxtbooks/cmp/msdnmag0209http://www.nxtbook.com/nxtbooks/cmp/msdnmag0109http://www.nxtbook.com/nxtbooks/cmp/msdnmag1208http://www.nxtbook.com/nxtbooks/cmp/msdnmag1108http://www.nxtbook.com/nxtbooks/cmp/msdnmag1008http://www.nxtbook.com/nxtbooks/cmp/msdnmag0908http://www.nxtbook.com/nxtbooks/cmp/msdnmag0808http://www.nxtbook.com/nxtbooks/cmp/msdnmag0708http://www.nxtbook.com/nxtbooks/cmp/msdnmag0608http://www.nxtbook.com/nxtbooks/cmp/msdnmag0408http://www.nxtbook.com/nxtbooks/cmp/msdnmag0308http://www.nxtbook.com/nxtbooks/cmp/msdnmag-launch021508http://www.nxtbook.com/nxtbooks/cmp/msdnmag0208http://www.nxtbook.com/nxtbooks/cmp/msdnmag0108http://www.nxtbook.com/nxtbooks/cmp/msdnmag1207http://www.nxtbookMEDIA.com

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.