1
00:00:01,330 --> 00:00:07,290
Let's move to a Java virtual machine and Code Access Security. I'm talking about the .NET Framework.

2
00:00:09,940 --> 00:00:15,220
Both technologies allow granting permissions to programs. As we already know,

3
00:00:15,240 --> 00:00:23,020
a process doesn't define a security boundary. A solution that can effectively replace this is the Code

4
00:00:23,020 --> 00:00:24,620
Access Security mechanism.

5
00:00:27,500 --> 00:00:35,020
Virtual environments enable granting permissions to programs that are independent of the user permissions.

6
00:00:35,030 --> 00:00:40,130
This means that regardless of the user account used to launch a program, if loading data from the main

7
00:00:40,130 --> 00:00:47,940
folder on the C: disk is disabled for the program, it will throw up an exception. An administrator or

8
00:00:47,950 --> 00:00:53,110
program developer grants code permissions without regard to the user account permissions used to run

9
00:00:53,110 --> 00:00:54,080
the program.

10
00:00:55,330 --> 00:01:01,760
The mechanisms, of course, are overlapping. To run a program you would need to have appropriate privileges,

11
00:01:02,280 --> 00:01:06,950
but once a program is launched, it executes its own additional permissions.

12
00:01:06,950 --> 00:01:08,570
How were they created in Windows

13
00:01:12,930 --> 00:01:17,880
with the .NET Framework? A program's permission set is assigned according to the level of trust that

14
00:01:17,880 --> 00:01:18,870
it's granted.

15
00:01:20,030 --> 00:01:25,060
We need to identify a program, read its label.

16
00:01:25,150 --> 00:01:32,030
Next, we need to authorize all operations executed by the program. An attempt to execute a disallowed

17
00:01:32,030 --> 00:01:33,770
operation will result in the error

18
00:01:33,770 --> 00:01:35,030
you can see below.

19
00:01:37,500 --> 00:01:40,690
Code Access Security is treated as a security boundary.

20
00:01:42,000 --> 00:01:47,300
Microsoft reacts to all attempts to cross the boundary by issuing an appropriate critical security update.

21
00:01:49,470 --> 00:01:54,420
The mechanism for gaining code permissions is complicated. To simplify it,

22
00:01:54,420 --> 00:01:56,940
permissions are created in several ways.

23
00:01:58,800 --> 00:02:02,010
First, a program can belong to a zone.

24
00:02:02,150 --> 00:02:07,480
It can, for example, belong to the Internet or intranet zone, which means that it can be downloaded from

25
00:02:07,480 --> 00:02:16,000
a LAN or external network. A program can also belong to your local computer zone.

26
00:02:16,130 --> 00:02:20,360
It will then be granted a different trust level.

27
00:02:20,440 --> 00:02:27,590
The levels are governed by the site of origin of a launched program. Beyond that, we'll also have credentials

28
00:02:27,800 --> 00:02:30,270
or a program signature.

29
00:02:30,270 --> 00:02:40,950
These two mechanisms will overlap to build a resultant program permissions list.

30
00:02:41,000 --> 00:02:46,460
If this mechanism is to be used to its full potential, software developers must request granting appropriate

31
00:02:46,460 --> 00:02:54,580
permissions to a program, either declaratively or procedurally. The top listing in the slide above shows

32
00:02:54,580 --> 00:02:57,160
a demand for granting permissions to read a file.

33
00:02:59,960 --> 00:03:05,420
The below listing shows the explicit specification for a program to not execute some operations.

34
00:03:09,090 --> 00:03:13,360
The effectiveness of protecting an operating system is underpinned by risk management.

35
00:03:17,020 --> 00:03:19,350
To manage risks in a purposeful manner,

36
00:03:19,360 --> 00:03:24,730
you have to be aware of the threats that you may face and know the inbuilt system security technologies.

37
00:03:26,170 --> 00:03:34,010
A basic concept that relates to classifying the technologies is a security boundary. A security boundary

38
00:03:34,010 --> 00:03:39,170
allows you to control data flow between a code and another code.

39
00:03:39,230 --> 00:03:42,140
There are fewer boundaries in the system than it could seem.

40
00:03:42,190 --> 00:03:45,040
One boundary is set by the computer itself.

41
00:03:45,160 --> 00:03:51,060
The others are defined by a system or by the user role. Over the past 10 years,

42
00:03:51,090 --> 00:03:58,120
only one new boundary has emerged: a boundary set by a virtual machine or a Java framework.

43
00:04:00,430 --> 00:04:02,280
Within the domain set by a boundary,

44
00:04:02,320 --> 00:04:06,410
malicious processes are not controlled.

45
00:04:06,450 --> 00:04:08,430
It's vital to plan your security solutions

46
00:04:08,430 --> 00:04:09,450
with this in mind.

47
00:04:12,780 --> 00:04:13,280
Thank you.