CODEWITHSUNDEEP
c#.net
Searcher
Searcher

Reputation: 1855

what are the components to ensure secure execution of code

In interview, interviewer asked me one question that, What are the components to ensure secure execution of code in .net. I tried in google but failed. Can any one give me the answer or link?

I found one word document. In that I found that components of secure code execution are Assembly loader, code verifier, JIT. Is this correct?

Upvotes: 1

Views: 222

Answers (3)

Marcelo De Zen
Marcelo De Zen

Reputation: 9497

"Secure execution of code" could mean many things. But I think the interviewer asked for Code Access Security, which is the security model of .net environment.

The CAS is not the same for all framework versions and is a complex subject to explain here. Basically its allow or disallow code execution based on the assembly and code notation, assembly origin, trust level, etc.

You can get some intro here:

2.0 or 3.5 => http://msdn.microsoft.com/en-us/library/c5tk9z76(v=vs.90)

4.0 or 4.5 => http://msdn.microsoft.com/en-us/library/c5tk9z76(v=vs.100)

Upvotes: 0

Blaze Phoenix
Blaze Phoenix

Reputation: 889

My answer off the top of my head would be a Try-Catch block. You will want to catch exceptions by type to give meaningful output to your user (if need be), but a general exception can work great for internal testing.

try
{
    /*Some code which could throw exceptions.*/
}
catch (Exception e)
{
    Console.WriteLine("Error: {0}\nStack Trace: {1}", e.Message, e.StackTrace);
}

However, I am only going off of the idea that "secure execution" means without crashing.

Upvotes: 0

Alex
Alex

Reputation: 8116

Have a look at the CLR security model. Microsoft has a good article about it.

Summary:

The common language runtime of the .NET Framework has its own secure execution model that isn't bound by the limitations of the operating system it's running on. In addition, unlike the old principal-based security, the CLR enforces security policy based on where code is coming from rather than who the user is. This model, called code access security, makes sense in today's environment because so much code is installed over the Internet and even a trusted user doesn't know when that code is safe.

The Security Infrastructure of the CLR

Upvotes: 1

Related Questions