WWW: Beyond the Basics

14 Java Security

14.3 Java Security Features

14.3.1 Denial of Service Attacks

Java has few provisions for identifying denial of service attacks. The common attacks are busy-waiting to consume CPU cycles, allocating memory until the system runs out, and starving other threads and system processes. The memory and CPU attacks are very difficult to handle because many genuine applications might need large amounts of resources.

The code segment below can lock the status line at the bottom of the HotJava browser, effectively preventing it from loading any more pages.

    // Acquire the class's monitor and never release it.
    synchronized (Class.forName("net.www.html.MeteredStream")) {
        while (true) Thread.sleep(10000);
    }

In Netscape, this attack can lock the java.net.InetAddress class, blocking all hostname lookups and hence all new network connections. It could be prevented by using wrappers around these classes and preventing access to their locks.
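The mitigation named above, sketched as an added example (not code from the original page, HotJava or Netscape): a class that synchronizes on a private lock object keeps working while another caller holds its class monitor, whereas a class using static synchronized methods stalls. The names PrivateLockDemo, ExposedLookup and GuardedLookup and the host example.test are hypothetical.

```java
import java.util.concurrent.*;

// Added illustration; all class and method names here are hypothetical.
public class PrivateLockDemo {
    // Exposed design: a static synchronized method uses the Class object's
    // monitor, which any code able to reference the class can also acquire.
    static class ExposedLookup {
        static synchronized String resolve(String host) { return host + " -> resolved"; }
    }

    // Hardened design: the monitor is a private object no outside code can name.
    static class GuardedLookup {
        private static final Object LOCK = new Object();
        static String resolve(String host) {
            synchronized (LOCK) { return host + " -> resolved"; }
        }
    }

    // Runs the call on a worker thread; true if it finished within 500 ms.
    static boolean completes(Callable<String> call) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r);
            t.setDaemon(true); // a blocked worker must not keep the JVM alive
            return t;
        });
        Future<String> result = pool.submit(call);
        try {
            result.get(500, TimeUnit.MILLISECONDS);
            return true;
        } catch (TimeoutException e) {
            return false;
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Initialize both classes first so class loading is not part of the measurement.
        ExposedLookup.resolve("warmup");
        GuardedLookup.resolve("warmup");
        // Stand-in for the page's snippet: this thread holds both class monitors.
        synchronized (ExposedLookup.class) {
            synchronized (GuardedLookup.class) {
                System.out.println("exposed completes: " + completes(() -> ExposedLookup.resolve("example.test")));
                System.out.println("guarded completes: " + completes(() -> GuardedLookup.resolve("example.test")));
            }
        }
    }
}
```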

There are two variations of denial of service attacks. An attack can be made to occur after a time delay, so that the failure probably occurs while the user is viewing some other page, masking the source of the attack. The other type is the degradation of service attack, where there is no outright denial of service but the performance of the browser is significantly reduced.

Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved

Vijay Sureshkumar <vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996