The Java security model and flaws arising from implementation errors, loopholes in the security model and unintended interaction between browser features are examined in this chapter. The language features for security, the low-level security mechanisms through compile-time checking, the ClassLoader and the SecurityManager are described. The different types of attacks on security, namely denial-of-service attacks, second-party and third-party attacks, annoyance attacks and disclosure attacks, are presented. Some simple examples of hostile applets are shown to illustrate some of these attacks.
The chapter concludes with some future directions that the Java security model and implementation might take to make it a more secure environment that accommodates the openness desired by Web application writers and the security needs of their users.
Copyright © 1996
Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Sep 22 21:16:15 1996