.NET Security: Lessons Learned and Missed from Java

Abstract

Many systems execute untrusted programs in virtual machines (VMs) to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for execution of untrusted code inside web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between Java and .NET that have an impact on their security. This paper examines how .NET's design avoids vulnerabilities and limitations discovered in Java and discusses lessons learned (and missed) from Java's experience with security.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2004
Accession Number
ADA453231

Entities

People

  • Nathanael P. Evans

Organizations

  • University of Virginia

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Denial Of Service Attack
  • Fail Safe
  • Information Operations
  • Instruction Set Architecture
  • Internet
  • Java Programming Language
  • Language
  • Lessons Learned
  • Operating Systems
  • Programming Languages
  • Security
  • Virtual Machines
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Database Systems and Applications
  • Parallel and Distributed Computing.