Comparing Java and .Net Security: Lessons Learned and Missed - Nathanael Paul, David Evans. Presented by Dan Frohlich.

Overview
Vulnerability History. Architecture. Instruction Sets. Permissions. Policies. Enforcement. Psychological Acceptability. Questions?

Vulnerability History
Is the .Net architecture more secure? Did we learn something from Java?

Most Java vulnerabilities occur before the VM executes code: Class Loader and Verifier vulnerabilities account for the majority of Java vulnerabilities.

Instruction Sets
Object creation in Java requires 3 operations vs. 1 op in MSIL.
–A single point of verification actually simplifies verification.
Java exception handling pushes return addresses onto the stack, making control flow hard to verify.
–.Net's leave op uses the exception mechanism instead.
Reducing complex instructions in MSIL simplifies the verification code.
–This should lead to fewer flaws in the verifier.

Permissions
.Net provides finer permission granularity overall.
Both design permissions around dangerous APIs rather than critical resources.
–Dangerous, since granting permissions may grant unexpected capabilities.
Neither supports complete mediation.
–May be provided by frameworks at significant performance cost.

Policies
Java's Permissive (Union) model
–A user's permission file may not contain all permissions available to the user.
–Permissions may not be made more restrictive.
.Net's Restrictive (Intersection) model is more flexible and more complex.
–Follows fail-safe defaults.
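The union-versus-intersection contrast on this slide, as an added example that is not from the presentation and not Java's java.security.Policy or .NET's CAS API: a simplified Python model with constructed policy levels and fnmatch-style file targets, which also shows how an empty (silent) policy level behaves under each rule.

```python
# Added example: a simplified model of the two policy-composition rules the
# slides contrast. Not Java's or .NET's real policy implementation; the
# Permission class, policy levels and sample requests are constructed here.
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Permission:
    """A coarse file permission: a target path pattern and a set of actions."""
    target: str           # fnmatch-style pattern, e.g. "/home/user/*"
    actions: frozenset    # subset of {"read", "write"}

    def implies(self, request: "Permission") -> bool:
        # A grant implies a request when the requested path matches the
        # grant's pattern and every requested action is covered by the grant.
        return fnmatch(request.target, self.target) and request.actions <= self.actions


def level_grants(level: set, request: Permission) -> bool:
    """True if any grant in one policy level implies the request."""
    return any(g.implies(request) for g in level)


def union_model(levels: list, request: Permission) -> bool:
    """Java-style union: allowed if ANY policy file grants the request.
    Adding a file can only widen access; it can never narrow it."""
    return any(level_grants(level, request) for level in levels)


def intersection_model(levels: list, request: Permission) -> bool:
    """CAS-style intersection: allowed only if EVERY policy level grants it.
    A level that grants nothing denies everything (fail-safe default)."""
    return all(level_grants(level, request) for level in levels)


def read(pattern): return Permission(pattern, frozenset({"read"}))
def rw(pattern): return Permission(pattern, frozenset({"read", "write"}))


# Constructed sample policy: a broad system-level grant and a narrower
# user-level grant intended to confine the user to read-only own files.
SYSTEM_LEVEL = {rw("/home/*")}
USER_LEVEL = {read("/home/user/*")}
LEVELS = [SYSTEM_LEVEL, USER_LEVEL]

REQUEST_WRITE_OTHER = rw("/home/other/secret")    # outside the user's files
REQUEST_READ_OWN = read("/home/user/notes.txt")   # within the user's files

if __name__ == "__main__":
    for name, model in (("union", union_model), ("intersection", intersection_model)):
        print(name, model(LEVELS, REQUEST_WRITE_OTHER), model(LEVELS, REQUEST_READ_OWN))
```

Under the union rule the user-level file cannot revoke the system-level write grant; under the intersection rule the narrower level wins, and a level that says nothing denies everything.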

Enforcement
A Reference Monitor is used in both cases to satisfy the complete mediation principle.
–Java's Security Manager can be overridden.
–More flexible than .Net, but makes type safety exploits easy.

Psychological Acceptability
Both Java and .Net have extensible security policies which are difficult to configure and understand.
–Security exceptions may lead users to grant full trust if an application is critical.

Questions?