I have heard about "principal based security", "role based security", "component centric security", and in .NET, I got to know that Code Access Security (CAS) is a kind of "origin based security". So are there any other security models? And what technically do they mean? Could someone give me some explanations, or point me to some reference? Many thanks.

A: 

I don't know if this will help you; anyway, here's a nice article about the .NET security model. I found it very useful.

http://www.codeproject.com/KB/security/dotNetSecurity.aspx

Matteo Mosca
+1  A: 

Code access security is more of a function used by .NET to comply with a security model. A security model itself is a loosely defined term for general security concepts.

For example, role based security or role based access control is a security model to define access to a resource based on a user's role. Although, this is all just a smaller portion of the whole security component that needs to be considered as a part of development. This can be a big help:

http://msdn.microsoft.com/en-us/security/default.aspx

But you can also look into more generalized security concepts such as the CompTIA Security+ certification for beginners and the CISSP through ISC2 for a bit more advanced security knowledge for a heuristic approach to security.

James Santiago
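
To make the contrast between the role-based and origin-based models mentioned above concrete, here is an added illustration. It is not part of any answer and is not .NET code: the roles, origins and permission names are constructed, and the all-callers check is a simplified model of how Code Access Security evaluates a demand.

```python
# Simplified models of two access-control styles; all policy data is constructed.

# Role-based: the decision depends on WHO is asking (the principal's roles).
ROLE_PERMISSIONS = {
    "admin":   {"report.read", "report.delete"},
    "auditor": {"report.read"},
}

def rbac_allows(user_roles, permission):
    """Grant if any role held by the user carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in user_roles)

# Origin-based: the decision depends on WHERE the running code came from.
ORIGIN_PERMISSIONS = {
    "local_disk": {"file.read", "file.write", "net.connect"},
    "intranet":   {"file.read", "net.connect"},
    "internet":   {"net.connect"},
}

def origin_allows(call_stack, permission):
    """Grant only if every caller on the stack has the permission.

    call_stack is a list of (component_name, origin), outermost caller first.
    Checking every frame stops less-trusted code from borrowing the rights of
    a more-trusted library it calls. Unknown origins get no permissions.
    """
    if not call_stack:
        return False
    return all(permission in ORIGIN_PERMISSIONS.get(origin, set())
               for _name, origin in call_stack)

def decide(user_roles, call_stack, role_perm, code_perm):
    """The two models are independent; a system can require both to pass."""
    return rbac_allows(user_roles, role_perm) and origin_allows(call_stack, code_perm)

if __name__ == "__main__":
    trusted = [("app.exe", "local_disk"), ("io_lib.dll", "local_disk")]
    mixed = [("plugin.dll", "internet"), ("io_lib.dll", "local_disk")]
    print(rbac_allows({"auditor"}, "report.delete"))  # role lacks the permission
    print(origin_allows(trusted, "file.write"))       # every frame is trusted
    print(origin_allows(mixed, "file.write"))         # internet frame blocks it
    print(decide({"admin"}, mixed, "report.delete", "file.write"))
```

The last call shows that an administrator running code from a less-trusted origin is still refused: the user's role and the code's origin are checked separately.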
+1  A: 

Wikipedia defines a computer security model as:

"A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all."

As you might imagine, with a definition that broad there are many types of computer security models. Rather than re-listing all of the various models here, it'd be easiest to take a look at the mostly complete computer security model category from Wikipedia. Finally, Wikipedia also provides a computer security portal linking to a multitude of computer security topics.

Aside from that, MSDN has some excellent articles on securing .NET applications available. They also provide what appears to be a pretty good security tutorial.

ahsteele
+3  A: 

I just wrote an answer for another question that I think might be applicable here too:

http://stackoverflow.com/questions/3177361/modelling-a-permissions-system/3177578#3177578

sarnold
Your answer to the other question is applicable enough that I'd probably edit your answer here and make some minor modifications. That'd definitely be the most complete answer of the ones listed below. :)
ahsteele
@ahsteele, I thought about including the answer here as well, but it seemed a better idea to 'include it by reference' when needed each time, rather than paste it over and over again.
sarnold