Many security models attach security to users and their groups (or roles). This means that : all code run on behalf of these users, are either permitted or not permitted to perform operations on critical resources.The .NET Framework provides a developer defined security model called role-based security that functions in a similar vein.Role Based Security's principal abstractions are Principals and Identity. Additionally, the .NET Framework also provides security on code and this is referred to as code access security (also referred to as evidence-based security).With code access security, user may be trusted to access a resource but if the code is not trusted, then access to the resource will be denied.
Current Security Products such as Antivirus, Firewalls Industry Detection Systems are designed as stand alone pieces of equipment or software.Near-Term Problem: Ensuring Programs are : Memory-Safe, Type-Safe So fine-grained access control can be enforced.Long-Term Problem: Ensuring that Distributed computing system enforce system-wide information security policies:ConfidentialityIntegrityAvailabilityConfidentiality, integrity : end-to-end security described by information-flow policies.