Shawn Farkas: CLR 4 - Inside the new Managed Security Model

Posted: May 27, 2009 at 12:10 PM

By: Charles

(1)

50,521 Views

10 Comments

Video format

Option selected may change based on video formats available and browser capability.

Auto

Use our suggested format for this video.

Smooth Streaming

Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth. Silverlight 5 required

Progressive

Traditional buffered video format. Silverlight 5 required

HTML5

For browsers that support H.264 MP4 or WebM video playback such as:
IE9+, Firefox 4+, Chrome 5+, or Safari 4+.

Flash

For browsers that have the Adobe Flash Player plugin installed.

Senior SDE Shawn Farkas digs into the new security model in CLR 4. Gone are the days of head scratching complexity when it comes to reasoning about security in the managed world. The main goal for CLR 4 security was simplicity, in design and implementation for consumers (developers) of both security policy and secure design at the code level (both of these have been traditionally overly complex with a side effect of enabling insecurity rather than preventing it).

Shawn has been working on security inside the CLR (which of course manifests itself in the managed code and libraries you use to build your applications and services). He and team have been very, very busy over the past few years essentially rearchitecting the core security model of the CLR. What, exactly, have they done? Given the somewhat drastic changes, how does this impact compatibility (especially for those applications that took the leap and built complex CAS and policies into their applications)?

There's a lot of very useful information in this conversation with plenty of whiteboarding. It's great to see the managed security model evolve into a much more simple expressive model with policy patterns that mere mortals can understand and reason about. Great job Shawn and team! Thank you.

Tune in. Meet one of the minds behind CLR 4's security model.

Enjoy

Follow the Discussion

Oops, something didn't work.

Try again?

Getting "follow" information

Stop following these comments

Start following these comments

Removing your "follow"

Setting up your "follow"

Subscribe to this comments

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following these comments

Start following these comments

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this comments

exoteric

May 27, 2009 at 12:42 PM

Lovely informational. I remember having used CAS and scratching my head a few times. The new model looks much simpler.
cdwatkins

May 27, 2009 at 1:24 PM

Thank God! Well done guys! As someone that has been working with the silverlight security model for some time now, I have to say its a hell of a lot easier to understand and work with. Glad to see that getting back into the core clr.
Simo With me it's a full-time job.

May 28, 2009 at 3:49 AM

"There's a lot of very useful information in this conversation with plenty of whiteboarding."

I read that sentence as "... with plenty of water-boarding." Sheesh, sign of the times.
stevo_ Human after all

May 28, 2009 at 4:32 AM

Personally the security model in .NET has mostly gone over my head.. I think its because in asp.net (where I spend most of my time), you get along perfectly fine without needing to understand it.. the only security concepts I really understand in asp.net world is trust levels (configured permission sets?) because most shared hosting implies medium trust and thus you need to be aware of operations that require full trust (and in some cases different hosts have 'variants' of medium trust, where permissions are stricter).

Edit: forgot to comment about the video, which was great- the silverlight security model is easy to understand (although I'm not entirely sure what that competes with).
aL_ Kinect ftw

May 28, 2009 at 8:52 AM

so no more caspol? :O i *hate* caspol
Sampy And I come back to you now - at the turn of the tide

May 28, 2009 at 9:42 AM

Hey, we interned at the same time and started here in the same year!

I thought he looked familiar...
Shawn Farkas

May 28, 2009 at 12:03 PM

I don't think we interned together, but we did work on ClickOnce together back in the .NET 2.0 / VS 2005 days
Shawn Farkas

May 28, 2009 at 12:52 PM

Yep - since we're not applying CAS policy to apps that you just run as .exes by default anymore, there won't be any need to play with caspol to get those working.

-Shawn
aL_ Kinect ftw

May 29, 2009 at 2:09 AM

i love you [and your team]
HeavensRevenge Know Thyself

Oct 27, 2009 at 7:20 AM

This security model reminds me a lot like how monads control side effects at a language level for I/O and managing complexity. I watched this video once more just to verify with Haskell's type system model as the parallel, and I found this to be ~80% mappable to the monad model. Maybe an opt-in plug-able type system for the CLR/DLR for security that includes these sort of checks based on Haskell's unmatchable type system may be a fun project to explore

Remove this comment

Remove this thread

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.