
Comparing Java and .Net Security: Lessons Learned and Missed

Nathanael Paul, David Evans. Presented by Dan Frohlich.


Presentation Transcript


  1. Comparing Java and .Net Security: Lessons Learned and Missed - Nathanael Paul, David Evans Presented by Dan Frohlich

  2. Overview • Vulnerability History. • Architecture. • Instruction Sets. • Permissions. • Policies. • Enforcement. • Psychological Acceptability. • Questions?

  3. Vulnerability History • Is the .Net architecture more secure? • Did we learn something from Java?

  4. Most Java vulnerabilities occur before the VM executes code. • Class Loader + Verifier vulnerabilities account for the majority of Java vulnerabilities

  5. Instruction Sets • Object creation in Java requires 3 operations vs. 1 op in MSIL. • Single point of verification actually simplifies verification. • Java exception handling pushes return addresses to stack, making control flow hard to verify. • .Net’s leave op uses exception. • Reducing complex instructions in MSIL simplifies the verification code. • This should lead to fewer flaws in the verifier.

  6. Permissions. • .Net provides finer permission granularity overall. • Both design permissions around dangerous APIs rather than critical resources. • Dangerous since granting permissions may grant unexpected capabilities. • Neither supports complete mediation. • May be provided by frameworks at significant performance costs.

  7. Policies. • Java’s Permissive (Union) model • A user’s permission file may not contain all permissions available to the user. • Permissions may not be made more restrictive. • .Net’s Restrictive (Intersection) model is more flexible and complex. • Follows fail-safe defaults.

  8. Enforcement • Reference Monitor used in both cases to satisfy complete mediation principle. • Java’s Security Manager can be overridden. • More flexible than .Net but makes type safety exploits easy.

  9. Psychological Acceptability • Both Java and .Net have extensible security policies which are difficult to configure and understand. • Security exceptions may lead users to grant full trust if an application is critical.

  10. Questions?
