Andrew Kennedy: Securing .NET

Whilst working on the CLR I have uncovered a number of mismatches between the C# and CLR programming models. The mismatches can be identified as a failure of the translation from C# to the CLR to be "fully abstract", and have implications for secure programming on .NET. The more serious problems have been fixed in CLR 2.0 (Whidbey).

Talks

Untrustworthy Programming Languages (ppt)

Talk presented in the joint Queen Mary/Imperial College seminar series, Queen Mary, University of London, May 2005.

Papers

Securing the .NET Programming Model. To appear in a special issue of Theoretical Computer Science. (An earlier version was presented in an "Industrial Applications" session at the APPSEM II Workshop, Frauenchiemsee, Lake Chiemsee, Munich, Germany, September 12-15, 2005.)

The security of the .NET programming model is studied from the standpoint of fully abstract compilation of C#. A number of failures of full abstraction are identified, and fixes described. The most serious problems have recently been fixed for version 2.0 of the .NET Common Language Runtime.