Windows Server 2003 Security Infrastructures
This nuts and bolts guide is a must-read for anyone wants to know about Windows Server 2003 security and leverage the operating systems' security infrastructure.
TABLE OF CONTENTS Windows Server 2003 Security Infrastructures
Chapter 11: Malicious Mobile Code Protection
In recent years, Microsoft software has been the preferred target of some infamous Trojan horses, viruses, and worms. In Windows Server 2003, Windows XP, and the .NET framework, Microsoft provides clear responses to the malicious mobile code (MMC) threats: Software Restriction Policies (SRPs) and Code Access Security (CAS). Both technologies are discussed in the context of Windows Server 2003 authorization because they both provide solutions to authorize pieces of code to execute or perform particular tasks on a Windows-rooted computer system.
11.1 Malicious mobile code protection architecture
Before Windows Server 2003, XP, and the .NET framework, Microsoft has provided individual patches and extensions to most of its end-user applications like Office and Internet Explorer to deal with some of the MMC threats. In Windows Server 2003 and XP, Microsoft takes a different approach: MMC protection is moved from the application level to the OS level. Also, in the .NET framework MS provides a solution to provide MMC protection when the code is loaded into the .NET execution engine.
On the Windows Server 2003 and XP OS level, the new MMC protection technology affects all application code running on top of the OS. This technology is known as Software Restriction Policies (SRPs), or by its code name, SAFER. In the .NET development framework, Microsoft provides a technology known as Code Access Security (CAS). Both technologies are sometimes referred to as Microsoft s new Code Authorization Layer (illustrated in Figure 11.1).
Figure 11.1: Malicious mobile code protection architecture.
CAS is only available...
Copyright Hewlett-Packard Development Co., L.P. 2004 under license agreement with Books24x7
