Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft.NET Initiative Keith Bessette Hardik Davé Jaladhi Mehta CSE 333 Fall 2002.

Published by Modified over 10 years ago

Similar presentations

Presentation on theme: "Microsoft.NET Initiative Keith Bessette Hardik Davé Jaladhi Mehta CSE 333 Fall 2002."— Presentation transcript:

1 Microsoft.NET Initiative Keith Bessette Hardik Davé Jaladhi Mehta CSE 333 Fall 2002

2 What is.NET ? History and Evolution of.NET What is.NET made up of ? Scope of the paper –.NET languages and Java –Database Connectivity using.NET. –Security Issues Concerning.NET and Java –Interoperability: Middleware and Languages Introduction and Overview

3 Supported Languages in.NET C# Background.NET Languages

4 Class Hierarchies –Both have single rooted class hierarchies System.Object and Java.lang.object –Both classes have methods sharing some similarities and difference Execution Environment –JAVA compiled to bytecodes which are interpreted or natively compiled and run in managed exec envt JVM –C# code gets compiled to IL which runs in CLR C# code is never interpreted, it is always natively compiled C#’s IL is more type neutral C# vs. Java – Differences and Similarities

5 Object Creation –In JAVA objects are Heap based –In C# objects are Heap based as well as Stack based (called value types) NameSpaces –In JAVA packages reflect the physical directory layout –C# has complete separation of physical packaging and logical naming C# vs. Java – Differences and Similarities (Continued)

6 Access Modifiers C# vs. Java – Differences and Similarities (Continued) Serialization and Documentation C# supports XML format as well as binary format for serialization while Java only supports binary format by default. JAVA uses Javadoc while C# uses XML for documentation

7 Deterministic object cleanup –C# supports dispose() method –C++ like destructors without memory allocation woes Best of both worlds Pointers and unsafe code –C# can have pointers when it is running in unsafe mode –Program must have full trust granted earlier –Unsafe keyword, /unsafe compiler switch –Fixed keyword to avoid the garbage collector moving the variable during the mark and collect algorithm phase C# vs. Java – Differences and Similarities (Continued)

8 Platform interoperability –How C# and JAVA run on various platforms –JAVA is a single language platform –C# supports multiple languages as long as they conform to CLS –JAVA has better portability for various o/s and platforms –C# currently runs on only windows platforms –.NET platform files complied to PE files C# and interoperability

9 Standards Interoperability –How both languages access standards like database systems, graphics library, etc.? –C# and JAVA both don’t scale too well due to Microsoft and Sun’s business motivations –C# has been submitted to ECMA to derive to a standard –.NET is sort of an open platform C# and interoperability

10 Language interoperability –Level and ease of integration with other languages –JAVA supports language interoperability through JNI, CORBA –.NET has language independence –.NET supports any languages as long as they conform to CLS and CTS C# and interoperability

11 Database connectivity in.NET –Different APIs for connecting to the Database. –JDBC was introduced by Sun Microsystems in 1996 –History of ADO and JDBC. Database Connectivity

12 Three Level Architecture XML and DataSet as objects of interaction ADO.NET Architecture Business Tier Data Tier Presentation Tier Windows Forms Web Forms Business to Business Data Object (Class) DataSet Internet Intranet Data Adapter (BizTalk, for example) XM L MyApp.Ex e IEIE

13 Three Layers of Architecture RecordSets, Statements – Connection and DriverManager ADO.NET Architecture

14 Primitive offline DB access using ResultSets in JDBC Complete offline access in.NET using DataSets Offline DB Access DataSet DataTableCollections DataRowcollection DataColumncollection ConstraintCollection DataRelationCollection DataTable Fig 4.3 ADO.NET DataSet ADO.NET’s DataSet Architecture DataSet functionality XML as a method of choice.

15 ADO.NET’s powerful support for XML XML functions in DataSets and ADO.NET Oracle’s support for XML Interoperability with XML XML.NET developed Application SQL DB Oracle DB

16 Secure development and execution environments CBAC: permission for code to access resources RBAC: permission for users/roles to access resources Code verification and execution: semantics, bytecode, safe execution environment Secure communication: pass data/messages securely Code and data integrity: no unauthorized code modification, cryptography Security Issues concerning.NET and Java

17 Code Based Access Control CBAC is the security that allows and prevents a piece of code to access resources Evidence Based Security, Permissions, Security Policy CLR reviews evidence of an assembly Determines identity from evidence Looks up and grants permissions based on the security policy for that assembly identity

18 The CLR examines assemblies to determine their origin CLR looks at metadata for: –where the code originate –creator of the assembly –URL and zone the assembly came from CLR verifies the association of metadata w/ an assembly Evidence Based Security

19 Permission: assigned to a piece of code, the allowance to execute a certain method or access a certain resource Assemblies request permissions to execute, and the CLR answers at runtime Permissions are grouped into sets w/ the same level of security and trust Assembly from Internet zone maybe granted Internet permission set for untrusted code Permissions

20 SP is set by an admin to make permission decisions for assemblies and domains Three policies: Total Enterprise, Machine executing code, Requesting User Any policy file may partially restrict permissions of another policy file SP groups code into hierarchal categories based on identity determined by the CLR SP determines permissions for assembly after code is grouped and categorized Security Policy

21 Permissions are grouped into protection domains and associated w/ groups of classes Permissions are grouped into sets and assoc w/ code groups Classes are grouped by their origin like Code is categorized by assembly’s zone No Security Manager by default in Java J2EE has 2 SP types: executing machine & requesting user.NET provides a lot of standard permissions Stronger credentials needed for permissions in.NET (evidence) SP files are more configurable in Java, but doesn’t help w/o all perm sets Java CBAC vs..NET CBAC

22 .NET applies ‘Principal’ term to role membership.NET uses many plug-in authentication modules Windows: windows apps using Security Support Provided Interface Passport: Microsoft implemented centralized authentication service Form based: HTML logon form from ASP.NET; identity cookies IIS Server: built in mechanisms like Basic, Digest, X.509 certs w/SSL Impersonation: allows a user to use another identity to access another application Role Based Access Control

23 .NET supports both imperative and declarative role permission checking Java servlets provide declarative checking at the servlet level EJB’s provide declarative checking down to method level JAAS provides imperative checking within method level.NET flexibility is limited severely IIS is only supported server of.NET framework Passport requires users to be members of Microsoft Passport service Java RBAC vs..NET RBAC

24 Prevent system weaknesses exposure by application errors; malicious or not.NET and Java perform security checks during code execution Stack integrity, bytecode structure, buffer overflows, semantics Application Domains have static boundaries Protection Domains have dynamic boundaries All security checks to verify code are done on managed code Both.NET and Java allow unmanaged code to bypass the CLR and JRE Code Verification and Execution

25 Secure Communications are done at the application level Both platforms support SSL and TLS.NET apps can use Windows SSPI and IIS Java provides Java Secure Sockets Extensions (JSSE) JSSE is very flexible, can be configured easily for RMI Secure Communication

26 .NET uses Windows Crypto API Java Crypto Extensions (JCE) and Java Crypto Architecture (JCA) Signed distribution files are necessary for source verification.NET uses strong named assemblies signed with an RSA keypair Java’s JAR files are sealed and each class is signed Java’s manifest files don’t require version info Once again.NET is tied to Windows so Java is more flexible Crypto algorithms are based on published standards Secure Code and Data Protection

27 .NET can access COM client as COM can access a.NET client Runtime Callable Wrapper (RCW) wraps the COM object COM Callable Wrapper (CCW) wraps the.NET object System.Runtime.InteropServices.ComVisible limits what COM client can call Middleware Interoperability: COM

28 .NET creates ‘Channels’ to remotely access objects; HTTP, TCP.NET does allow ability to create custom channels; IIOP RMI creates sockets to remotely access objects; IIOP, JRMP.NET doesn’t have a naming registry for services Middleware Interoperability:.NET Remoting vs. RMI

29 Corba is one of the most used middlewares today Microsoft doesn’t support IIOP, Java does Create custom channel using TCP/IIOP Use wrappers, connect to a Corba object via a COM object Middleware Interoperability: Corba

Download ppt "Microsoft.NET Initiative Keith Bessette Hardik Davé Jaladhi Mehta CSE 333 Fall 2002."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Introduction to .NET Framework

Introduction to .NET Framework
History of.Net Introduced by Microsoft Earlier technology was VC++ and VB VC++ comes with so many library and VB was so easy to use and not flexible to.

History of.Net Introduced by Microsoft Earlier technology was VC++ and VB VC++ comes with so many library and VB was so easy to use and not flexible to.
.NET Framework Overview Pingping Ma Nov 16 th, 2006.

.NET Framework Overview Pingping Ma Nov 16 th, 2006.
.NET Technology.

.NET Technology.
CIM2564 Introduction to Development Frameworks 1 Overview of a Development Framework Topic 1.

CIM2564 Introduction to Development Frameworks 1 Overview of a Development Framework Topic 1.
Introduction to Java 2 Enterprise Edition About myself –Neutrinos, Cancer Research, IT Applications Today’s topic: J2EE –Context –Advantages –Components.

Introduction to Java 2 Enterprise Edition About myself –Neutrinos, Cancer Research, IT Applications Today’s topic: J2EE –Context –Advantages –Components.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
ISYS 546 Client/Server Database Application Development.

ISYS 546 Client/Server Database Application Development.
J2EE vs..NET Nigam Patel. Topics Background –Web Services, J2EE and.NET Similarities Differences Conclusion –Pros and Con (J2EE and.NET)

J2EE vs..NET Nigam Patel. Topics Background –Web Services, J2EE and.NET Similarities Differences Conclusion –Pros and Con (J2EE and.NET)
Introducing the Common Language Runtime for.NET. The Common Language Runtime The Common Language Runtime (CLR) The Common Language Runtime (CLR) –Execution.

Introducing the Common Language Runtime for.NET. The Common Language Runtime The Common Language Runtime (CLR) The Common Language Runtime (CLR) –Execution.
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
Introducing the Common Language Runtime. The Common Language Runtime The Common Language Runtime (CLR) The Common Language Runtime (CLR) –Execution engine.

Introducing the Common Language Runtime. The Common Language Runtime The Common Language Runtime (CLR) The Common Language Runtime (CLR) –Execution engine.
12-1 © Prentice Hall, 2004 Chapter 12: Design Elements Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph S. Valacich, Jeffrey.

12-1 © Prentice Hall, 2004 Chapter 12: Design Elements Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph S. Valacich, Jeffrey.
Overview of Database Access in.Net Josh Bowen CIS 764-FS2008.

Overview of Database Access in.Net Josh Bowen CIS 764-FS2008.
Web-based Software Development - An introduction.

Web-based Software Development - An introduction.
Intro to dot Net Dr. John Abraham UTPA – Fall 09 CSCI 3327.

Intro to dot Net Dr. John Abraham UTPA – Fall 09 CSCI 3327.
Microsoft.Net vs. J2EE Suresh Ramachandran Duke Energy.

Microsoft.Net vs. J2EE Suresh Ramachandran Duke Energy.
JAVA v.s. C++ Programming Language Comparison By LI LU SAMMY CHU By LI LU SAMMY CHU.

JAVA v.s. C++ Programming Language Comparison By LI LU SAMMY CHU By LI LU SAMMY CHU.
.NET, and Service Gateways Group members: Andre Tran, Priyanka Gangishetty, Irena Mao, Wileen Chiu.

.NET, and Service Gateways Group members: Andre Tran, Priyanka Gangishetty, Irena Mao, Wileen Chiu.

Similar presentations

Ads by Google