{"title":"使用。net安全地重新分发不受信任的代码","authors":"Net, M. Carlisle, J. Humphries, J. Hamilton","doi":"10.1109/IAW.2006.1652113","DOIUrl":null,"url":null,"abstract":"Reusing software components is a textbook software engineering best practice. Developers reuse components written by others, combining them in unique ways to create new software products. Reusing software components can create a significant security risk, as these reused components may behave badly, either by malicious intent or negligence on the part of their authors. The .NET framework provides fine-grained mechanisms for specifying how software should be trusted. Permissions are granted based on the source of software, and where it currently resides (on the local disk, or in a particular internet zone). Unfortunately, these trust guarantees are difficult to manage, and there is no guarantee that an end-user receiving a redistributed untrusted component would correctly set its trust level. We propose a framework with a set of easily understood trust levels, and a simple mechanism for applying these trust levels both to already-compiled applications and libraries within the .NET framework. This allows both end-users and software developers to leverage the work of others, while maintaining guarantees that this software would not, intentionally or otherwise, cause damage to their systems or leak confidential information. This tool should provide significant opportunities for code reuse with security and should be easily extended to handle related applications, such as those using compiled Java class libraries","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"32 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Safely Redistributing Untrusted Code using .NET\",\"authors\":\"Net, M. Carlisle, J. Humphries, J. Hamilton\",\"doi\":\"10.1109/IAW.2006.1652113\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Reusing software components is a textbook software engineering best practice. Developers reuse components written by others, combining them in unique ways to create new software products. Reusing software components can create a significant security risk, as these reused components may behave badly, either by malicious intent or negligence on the part of their authors. The .NET framework provides fine-grained mechanisms for specifying how software should be trusted. Permissions are granted based on the source of software, and where it currently resides (on the local disk, or in a particular internet zone). Unfortunately, these trust guarantees are difficult to manage, and there is no guarantee that an end-user receiving a redistributed untrusted component would correctly set its trust level. We propose a framework with a set of easily understood trust levels, and a simple mechanism for applying these trust levels both to already-compiled applications and libraries within the .NET framework. This allows both end-users and software developers to leverage the work of others, while maintaining guarantees that this software would not, intentionally or otherwise, cause damage to their systems or leak confidential information. This tool should provide significant opportunities for code reuse with security and should be easily extended to handle related applications, such as those using compiled Java class libraries\",\"PeriodicalId\":326306,\"journal\":{\"name\":\"2006 IEEE Information Assurance Workshop\",\"volume\":\"32 4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 IEEE Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2006.1652113\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2006.1652113","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Reusing software components is a textbook software engineering best practice. Developers reuse components written by others, combining them in unique ways to create new software products. Reusing software components can create a significant security risk, as these reused components may behave badly, either by malicious intent or negligence on the part of their authors. The .NET framework provides fine-grained mechanisms for specifying how software should be trusted. Permissions are granted based on the source of software, and where it currently resides (on the local disk, or in a particular internet zone). Unfortunately, these trust guarantees are difficult to manage, and there is no guarantee that an end-user receiving a redistributed untrusted component would correctly set its trust level. We propose a framework with a set of easily understood trust levels, and a simple mechanism for applying these trust levels both to already-compiled applications and libraries within the .NET framework. This allows both end-users and software developers to leverage the work of others, while maintaining guarantees that this software would not, intentionally or otherwise, cause damage to their systems or leak confidential information. This tool should provide significant opportunities for code reuse with security and should be easily extended to handle related applications, such as those using compiled Java class libraries
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
