ITEC102PART2 Flashcards

1
Q

Objects that represent specific authorizations

A

Permissions

2
Q

Determines what code is permitted to do:

set of permissions to grant to an assembly

A

Policy

3
Q

Inputs to policy about code, from multiple sources

A

Evidence

4
Q

object represents a specific authorization, such as access to a resource

“permission to do something”

A

Permission

5
Q

is an authorization given to an assembly (code)

“this code is authorized to do something”

A

Grant

6
Q

is a security check for corresponding grants

“is something allowed?” (else, raise exception)

A

Demand

7
Q

Permissions for Framework resources

• These permissions represent access to protected resources.

A

Standard .NET permissions

8
Q

These permissions represent code identity. They are granted to code based on its corresponding evidence.

A

Identity permissions

9
Q

A user identity permission is also supported. This is the only non-code access permission in the framework.

A

Other permission

10
Q

Most permissions are code access permissions ( true/ false )

A

True

11
Q

Demanding a permission performs a _____ ______ checking for related grants of all callers

A

Stack walk

12
Q

Modifiers provide fine-grained, dynamic control over state of grants on the stack

A

Stack Walk Modifiers

13
Q

“I vouch for my callers; checks for perm can stop at this frame”

■ Example: “Gatekeeper” classes

A

Assertion

14
Q

appropriate permission from caller

A

Demand

15
Q

permission to call unmanaged code
Make the unmanaged call

A

Assert

16
Q

Identity permissions allow the same security checks on identity of code

• Digital signature, location (URL, site), etc.

A

Controlling access to code

17
Q

code reference by a caller

A

LinkDemand

18
Q

It must be signed with the private key corresponding to the public key used in the previous example.

A

Calling code

19
Q

is the process of determining the permissions to grant to code

• Permissions granted to code, not user

■ Grants are on a per-assembly basis

A

Policy

20
Q

A policy level is a collection of

A

Code group

21
Q

Read environment variables (limited), UI, IsolatedStorage, Assertion, Web access to same site, File read to same UNC directory

A

Intranet Zone

22
Q

Safe UI, IsolatedStorage, Web access to same site

A

Internet Zone

23
Q

Evidence-Based Security ( 3 )

A

Permission
Policy
Evidence

24
Q

Two ways to make checks

A

Imperatively
Declaratively

25
Q

Managed wrappers for unmanaged resources

A

-Demand
-Assert

26
Q

Declarative security checks by JIT instead of (most costly) runtime checks

A

LinkDemand
Inheritance Demand

27
Q

Default policy

A

Local Computer Zone
Intranet Zone
Internet Zone
Restricted Zone
MS Strong Name

28
Q

Declarative Security Checks / Declarative security is

A

• Part of a method’s metadata
• Implemented with custom attributes
• Processed by JIT

29
Q

Any object can be a piece of evidence
only impacts grants if there is a code group membership condition that cares about it

A

Evidence is completely extensible

30
Q

Assemblies can request permissions
( true/false )

A

true

31
Q

Managed apps just run, consistent experience for scripts, exes, controls

Safe defaults, no runtime trust decisions for user.

A

End-user

32
Q

All settings in one place, easy to customize.
Understandable policy model ( need beta feedback ).
Security administration tool coming in Beta 2.

A

Administrator

33
Q

can focus on app logic, security comes for free.
but, easy to use and extend when necessary

A

Developer

34
Q

managed code verified for typesafety at runtime.
eliminates most common security problems

A

Typesafe code

35
Q

Developers can use ‘least privilege’
code access security blocks most ‘luring’ attacks ( true / false )

A

true

36
Q

Multi levels of policy ( 3 )

A

Machine-wide, User-specific
Enterprise support: group policy ( beta 2 )
Further policy restrictions allowed on a per application domain basis

37
Q

Evidence / info about a code assembly

A

Shared names
Publisher identity
location of origin ( URL, zone, site )

38
Q

Eliminates most common security problems

A

-Buffer overrun attacks
-Reading private state or uninitialized memory
-Access arbitrary memory in process space
-Transfer execution to arbitrary location in process

39
Q

Managed code verified for typesafety at runtime

A

Typesafe code