Download PPT

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
Document related concepts
no text concepts found
Transcript 
Microsoft .NET Initiative
CSE 333
Fall 2002
Keith Bessette
Hardik Davé
Jaladhi Mehta
Introduction and Overview
•
•
•
•
What is .NET ?
History and Evolution of .NET
What is .NET made up of ?
Scope of the paper
–
–
–
–
.NET languages and Java
Database Connectivity using .NET.
Security Issues Concerning .NET and Java
Interoperability: Middleware and Languages
.NET Languages
• Supported Languages in .NET
• C# Background
C# vs. Java – Differences and Similarities
• Class Hierarchies
– Both have single rooted class hierarchies System.Object and
Java.lang.object
– Both classes have methods sharing some similarities and difference
• Execution Environment
– JAVA compiled to bytecodes which are interpreted or natively
compiled and run in managed exec envt JVM
– C# code gets compiled to IL which runs in CLR C# code is never
interpreted, it is always natively compiled C#’s IL is more type
neutral
C# vs. Java – Differences and Similarities
(Continued)
• Object Creation
– In JAVA objects are Heap based
– In C# objects are Heap based as well as Stack based
(called value types)
• NameSpaces
– In JAVA packages reflect the physical directory layout
– C# has complete separation of physical packaging and
logical naming
C# vs. Java – Differences and Similarities
(Continued)
• Access Modifiers
C# access modifier
Private
Public
Internal
protected
internal protected
Java access modifier
Private
public
protected
N/A
N/A
• Serialization and Documentation
• C# supports XML format as well as binary format
for serialization while Java only supports binary
format by default.
• JAVA uses Javadoc while C# uses XML for
documentation
C# vs. Java – Differences and Similarities
(Continued)
• Deterministic object cleanup
– C# supports dispose() method
– C++ like destructors without memory allocation woes Best of both
worlds
• Pointers and unsafe code
–
–
–
–
C# can have pointers when it is running in unsafe mode
Program must have full trust granted earlier
Unsafe keyword, /unsafe compiler switch
Fixed keyword to avoid the garbage collector moving the variable
during the mark and collect algorithm phase
C# and interoperability
• Platform interoperability
– How C# and JAVA run on various platforms
– JAVA is a single language platform
– C# supports multiple languages as long as they conform
to CLS
– JAVA has better portability for various o/s and
platforms
– C# currently runs on only windows platforms
– .NET platform files complied to PE files
C# and interoperability
• Standards Interoperability
– How both languages access standards like
database systems, graphics library, etc.?
– C# and JAVA both don’t scale too well due to
Microsoft and Sun’s business motivations
– C# has been submitted to ECMA to derive to a
standard
– .NET is sort of an open platform
C# and interoperability
• Language interoperability
– Level and ease of integration with other
languages
– JAVA supports language interoperability
through JNI, CORBA
– .NET has language independence
– .NET supports any languages as long as they
conform to CLS and CTS
Database Connectivity
• Database connectivity in .NET
– Different APIs for connecting to the Database.
– JDBC was introduced by Sun Microsystems in
1996
– History of ADO and JDBC.
ADO.NET Architecture
• Three Level Architecture
• XML and DataSet as objects of interaction
Presentation Tier
Windows Forms
MyApp.Ex
e
DataSet
Internet
Intranet
Web Forms
I
E
DataSet
Business to Business
(BizTalk, for example)
XM
L
Business
Tier
Data Object (Class)
DataSet
Data
Adapter
Data
Adapter
Data
Tier
ADO.NET Architecture
• Three Layers of
Architecture
• RecordSets,
Statements – Connection
and DriverManager
Offline DB Access
• Primitive offline DB access using ResultSets in
JDBC
• Complete offline access in .NET using DataSets
• ADO.NET’s DataSet Architecture
DataSet
DataTableCollections
• DataSet functionality
DataTable
• XML as a method of choice.
DataRowcollection
DataColumncollection
ConstraintCollection
DataRelationCollection
Fig 4.3
ADO.NET DataSet
Interoperability with XML
• ADO.NET’s powerful support for XML
• XML functions in DataSets and ADO.NET
• Oracle’s support for XML
SQL
DB
XML
.NET
developed
Application
XML
Oracle
DB
Security Issues concerning .NET and Java
•
•
•
•
Secure development and execution environments
CBAC: permission for code to access resources
RBAC: permission for users/roles to access resources
Code verification and execution: semantics, bytecode, safe
execution environment
• Secure communication: pass data/messages securely
• Code and data integrity: no unauthorized code
modification, cryptography
Code Based Access Control
• CBAC is the security that allows and prevents a
piece of code to access resources
• Evidence Based Security, Permissions, Security
Policy
• CLR reviews evidence of an assembly
• Determines identity from evidence
• Looks up and grants permissions based on the
security policy for that assembly identity
Evidence Based Security
• The CLR examines assemblies to determine
their origin
• CLR looks at metadata for:
– where the code originate
– creator of the assembly
– URL and zone the assembly came from
• CLR verifies the association of metadata w/
an assembly
Permissions
• Permission: assigned to a piece of code, the
allowance to execute a certain method or access a
certain resource
• Assemblies request permissions to execute, and
the CLR answers at runtime
• Permissions are grouped into sets w/ the same
level of security and trust
• Assembly from Internet zone maybe granted
Internet permission set for untrusted code
Security Policy
• SP is set by an admin to make permission
decisions for assemblies and domains
• Three policies: Total Enterprise, Machine
executing code, Requesting User
• Any policy file may partially restrict permissions
of another policy file
• SP groups code into hierarchal categories based on
identity determined by the CLR
• SP determines permissions for assembly after code
is grouped and categorized
Java CBAC vs. .NET CBAC
• Permissions are grouped into protection domains and associated
w/ groups of classes
• Permissions are grouped into sets and assoc w/ code groups
• Classes are grouped by their origin like Code is categorized by
assembly’s zone
• No Security Manager by default in Java
• J2EE has 2 SP types: executing machine & requesting user
• .NET provides a lot of standard permissions
• Stronger credentials needed for permissions in .NET (evidence)
• SP files are more configurable in Java, but doesn’t help w/o all
perm sets
Role Based Access Control
• .NET applies ‘Principal’ term to role membership
• .NET uses many plug-in authentication modules
• Windows: windows apps using Security Support Provided
Interface
• Passport: Microsoft implemented centralized
authentication service
• Form based: HTML logon form from ASP.NET; identity
cookies
• IIS Server: built in mechanisms like Basic, Digest, X.509
certs w/SSL
• Impersonation: allows a user to use another identity to
access another application
Java RBAC vs. .NET RBAC
• .NET supports both imperative and declarative role
permission checking
• Java servlets provide declarative checking at the servlet
level
• EJB’s provide declarative checking down to method level
• JAAS provides imperative checking within method level
• .NET flexibility is limited severely
• IIS is only supported server of .NET framework
• Passport requires users to be members of Microsoft
Passport service
Code Verification and Execution
• Prevent system weaknesses exposure by application errors;
malicious or not
• .NET and Java perform security checks during code
execution
• Stack integrity, bytecode structure, buffer overflows,
semantics
• Application Domains have static boundaries
• Protection Domains have dynamic boundaries
• All security checks to verify code are done on managed
code
• Both .NET and Java allow unmanaged code to bypass the
CLR and JRE
Secure Communication
• Secure Communications are done at the
application level
• Both platforms support SSL and TLS
• .NET apps can use Windows SSPI and IIS
• Java provides Java Secure Sockets
Extensions (JSSE)
• JSSE is very flexible, can be configured
easily for RMI
Secure Code and Data Protection
• .NET uses Windows Crypto API
• Java Crypto Extensions (JCE) and Java Crypto
Architecture (JCA)
• Signed distribution files are necessary for source
verification
• .NET uses strong named assemblies signed with an RSA
keypair
• Java’s JAR files are sealed and each class is signed
• Java’s manifest files don’t require version info
• Once again .NET is tied to Windows so Java is more
flexible
• Crypto algorithms are based on published standards
Middleware Interoperability: COM
• .NET can access COM client as COM can access a
.NET client
• Runtime Callable Wrapper (RCW) wraps the
COM object
• COM Callable Wrapper (CCW) wraps the .NET
object
• System.Runtime.InteropServices.ComVisible
limits what COM client can call
Middleware Interoperability: .NET Remoting vs. RMI
• .NET creates ‘Channels’ to remotely access
objects; HTTP, TCP
• .NET does allow ability to create custom
channels; IIOP
• RMI creates sockets to remotely access
objects; IIOP, JRMP
• .NET doesn’t have a naming registry for
services
Middleware Interoperability: Corba
• Corba is one of the most used middlewares
today
• Microsoft doesn’t support IIOP, Java does
• Create custom channel using TCP/IIOP
• Use wrappers, connect to a Corba object via
a COM object
Related documents
Chapter 1 questions
Chapter 1 questions
A Java Environment for High-Performance Computing
A Java Environment for High-Performance Computing
Programming
Programming
Java QUIZ
Java QUIZ
slides
slides
Web Services In Action
Web Services In Action
slides
slides
powerpoint 1
powerpoint 1
CIS 521
CIS 521
D square recruits Flex - junior
D square recruits Flex - junior