While many experts agree that the Java Security model is basically sound, there is concern that the model has not been examined in sufficient detail to ensure that the sandbox model is as secure as is claimed. There could be implementation errors which malicious applets might exploit. There could be unexpected interactions between applets and other parts of the network which could be exploited.
Sun has initiated an independent, third party security modeling effort. A third party will first produce a Security Reference Model which will document the Java Security Model in rigorous detail. The second step is to implement a compatibility test suite to ensure that the implementations comply with the Java standard. The final step is to commission an independent, third party assessment of Sun's reference implementation of the Java standard.
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996