Sunday 16 August 2009

Past research on Sandboxing and Code Access Security (CAS)

Following a recent Twitter (@DinisCruz) thread, I realized that I had no post with links to my (failed) attempts to get Microsoft (and Sun) to allocate serious resources into Sandboxing of managed applications, and (specifically to .NET) into making Code Access Security work in the real world (i.e. figuring out what are the people, process and technologies required, so that it is possible to 'develop & deploy commercial applications & websites that run under a meaningful + effective Partial Trust environment').

If you are interested in this topic, the best place to start is this PPT presentation (which was the last one I created): Making the case for Sandbox v1.1 - Dinis Cruz - SD Conference.ppt

Here is the post I wrote when I gave up (in April 2006): I give up, no more posts to Full-Disclosure and DailyDave about Full Trust and .Net /Java Sandboxes

Here are some of the public posts/articles I wrote:

I also wrote a bunch of tools and documents:

Although I gave up on Microsoft and Sun a while back (i.e. I'm still waiting for them to focus on this problem and start a 'conversation' with the community on how to solve this problem), I have continued my research and thinking about it.

And ... the good news ... is that with the latest research that I am doing and publishing (see O2 #OunceOpen), I think I am closer to a solution for this problem ...

:) ... hopefully I will find the time to blog about it