Controlling Trust Within the Hosted Environment

A host written in this fashion already has a high degree of control over the assembly loaded in its subdomains. Such assemblies cannot enumerate the other appdomains in the process (unless the host hands them appdomain instances explicitly) and therefore cannot initiate contact with any code in any other appdomain (except any they created themselves). Together with the type safety guarantees provided by the runtime (given that all code is verifiable or trusted enough to use non-type safe code responsibly), this means that appdomains serve as a mechanism to isolate groups of assemblies even though they share the same process (and, hence, memory address space).

A host can further control assemblies ...

Get .NET Framework Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.