Many systems execute untrusted programs in Virtual Machines (VMs) to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for execution of untrusted code inside web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between Java and .NET that have an impact on their security. This paper examines how .NET's design avoids vulnerabilities and limitations discovered in Java and discusses lessons learned (and missed) from Java's experience with security.


