Code Access Security (CAS) is a feature in .NET which imposes security on the code under execution based on that has created it, from where was it downloaded or copied and what are the evidences of the code. Evidences tell where the code is supposed to execute. So based on the evidence, permissions are set and these permissions are managed by policies. There are other definitions of CAS too.

According to the MSDN, "Code access security allows code to be trusted to varying degrees depending on where the code originates and on other aspects of the code's identity. Code access security also enforces the varying levels of trust on code, which minimizes the amount of code that must be fully trusted in order to run. Using code access security can reduce the likelihood that your code can be misused by malicious or error-filled code. It can reduce your liability because you can specify the set of operations your code should be allowed to perform as well as the operations your code should never be allowed to perform. Code access security can also help minimize the damage that can result from security vulnerabilities in your code."

According to Wikipedia, "Code Access Security (CAS), in the Microsoft .NET Framework, is Microsoft's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the assembly and use this to identify the code group that the assembly belongs to. A code group contains a permission set (one or more permissions). Code that performs a privileged action will perform a code access demand which will cause the CLR to walk up the call stack and examine the permission set granted to the assembly of each method in the call stack. The code groups and permission sets are determined by the administrator of the machine who defines the security policy."