Comparing Java and .NET Security: Lessons Learned and Missed

Abstract

Many systems execute untrusted programs in virtual machines (VMs) to mediate their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for executing untrusted code inside web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between Java and .NET that have an impact on their security. This paper examines how .NET's design avoids vulnerabilities and limitations discovered in Java and discusses lessons learned (and missed) from experience with Java security.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2006
Accession Number
ADA465183

Entities

People

  • David Evans
  • Nathanael Paul

Organizations

  • University of Virginia

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Denial Of Service Attack
  • Electronic Mail
  • Internet
  • Java Programming Language
  • Lessons Learned
  • Object Code
  • Operating Systems
  • Programming Languages
  • Software Development
  • Standards
  • Virtual Machines
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Parallel and Distributed Computing.
  • Software Engineering.
  • Strategic Security Studies