14 Java Security
14.4 Java Security Features
14.4.1 Language Features
Java has several language features which protect the integrity of the
security system and which prevent several common attacks. The following are
some such features:
- Security through being well-defined: The Java language is
strict in its definition of the language:
- All primitive data types in the language have a specific size.
- All operations are defined to be performed in a specific order.
- Security through lack of pointer arithmetic: The Java language
does not have pointer arithmetic, so Java programmers cannot forge a pointer
to memory. All references to methods and instance variables in the class
file are via symbolic names. The user cannot create code that has magic offsets
in it that just happen to point to the right place. Users cannot create
code that bash system variables or that accesses private information.
- Security through garbage collection: Garbage collection makes
Java programs more secure and robust. Two common bugs in C/C++ programs are"::
- Failing to free memory once it is no longer needed.
- Accidentally freeing the same piece of memory twice.
- Security through strict compile-time checking: The Java compiler
performs extensive, stringent compile time checking so that as many errors as
possible can be detected by the compiler. The Java language is strongly typed,
that is:
- Objects cannot be cast to a subclass without an explicit runtime check.
- All references to methods and variables are checked to make sure that
the objects are of the same type.
- Integers and objects are not interconvertible.
Strict compilation checks make Java programs more robust and avoid run
time errors. The bytecode verifier runs the the bytecode generated by
the compiler when an applet is loaded and makes security checks.
The compiler also ensures that a program does not access any unintialized
variables.
![[PREV]](../images/Nav/Prev.gif)
![[NEXT]](../images/Nav/Next.gif)
![[UP]](../images/Nav/Up.gif)
![[HOME]](../images/Nav/Home.gif)
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996