The essence of the problem is that running programs on a computer typically gives that program access to certain resources on the host machine. In the case of executable content, the program that is running is untrusted. If a Web browser downloads and runs Java code and is not careful to restrict the access that the untrusted program has, it can provide a malicious program with the same ability to do mischief as a hacker who had gained access to the host machine. The reason that one gives programs access to resources in the first place is that in order to be useful a program needs access to certain resources.
This chapter discusses these concerns and shows how Java addresses them. It also describes future extensions to the Java security model. The security holes arise due to implementation errors, unintended interactions between browser features, weaknesses in the Java language and bytecode semantics. For a detailed presentation of the Java programming language, refer to the chapter on Java.
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996