.NET Security: Lessons Learned and Missed from Java

Evans, Nathanael P.

.NET Security: Lessons Learned and Missed from Java

Active / Technical Report | Accession Number: ADA453231 |

Open PDF

Abstract:

Many systems execute untrusted programs in virtual machines VMs to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for execution of untrusted code inside web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between Java and .NET that have an impact on their security. This paper examines how .NETs design avoids vulnerabilities and limitations discovered in Java and discusses lessons learned and missed from Javas experience with security.

Author(s):

Evans, Nathanael P.

Author Organization(s):

VIRGINIA UNIV CHARLOTTESVILLE DEPT OF COMPUTER SCIENCE

Supplementary Note:

DOI: 10.21236/ADA453231

Pagination:

0019

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Contract/Grant Number(s):

CCR-0092945, ITR-EIA-0205327

Monitor Series:

DARPA

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.5_Direct; JCA_5.5.1_Communicate Intent and Guidance; JCA_6_Net Centric; JCA_6.2.1_Information Sharing; JCA_6.2.2_Computing Services; JCA_6.2.3_Core Enterprise Services; JCA_1_Force Support; JCA_6.2_Enterprise Services; JCA_6.4.1_Secure Information Exchange; JCA_1.3_Human Capital Management; JCA_6.4_Information Assurance; JCA_8_Building Partnerships; JCA_1.3.2_Personnel Management; JCA_1.2.5_Lessons Learned; JCA_5.3_Planning; JCA_8.2_Shape; JCA_6.1_Information Transport; JCA_1.2_Force Preparation; JCA_1.3.1_Personnel and Family Support

Communities of Interest:

Materials and Manufacturing Processes

Descriptor(s):

*LESSONS LEARNED, *JAVA PROGRAMMING LANGUAGE, SECURITY, VULNERABILITY, PLATFORMS, LIGHTWEIGHT, ACCESS, RESOURCES

Field(s)/Group(s):

Computer Programming and Software

Keyword(s):

VIRTUAL MACHINE SECURITY

Report Date:

2004 Jan 01

Creation Date:

2006 Sep 20