Tutorial :How many kinds of “Security Models” are there?


I have heard about "principal based security", "role based security", "component centric security", and in .NET, I get to know that the Code Access Security (CAS) is kind of a "origin based security". So are there any other security models? And what technically do they mean? Could someone give me some explanations, or point me to some reference? Many thanks.


Code access security is more of a function used by .net to comply to a security model. A security model itself is a loosely defined term for general security concepts.

For example, role based security or role based access control is a security model to define access to a resource based on a user's role. Although, this is all just a smaller portion of the whole security component that needs to be considered as a part of development. This can be a big help:


But you can also look into more generalized security concepts such as the Comptia Security + certification for beginners and the CISSP through ISC2 for a bit more advanced security knowledge for a heuristic approach to security.


Wikipedia defines a computer security model as

A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all.

As you might imagine with a definition that broad there are many types of computer security models. Rather than re-listing all of the various models here it'd be easiest to take a look at the mostly complete computer security model category from Wikipedia. Finally, Wikipedia also provides a computer security portal linking to a multitude of computer security topics.

Aside from that MSDN has some excellent articles on securing .NET applications available. They also provide what appears to be a pretty good security tutorial.

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »