The Java platform supports Write Once/Run Anywhere applications. This, combined with the easy distribution mechanisms provided by the World Wide Web and intranets, makes Java a powerful tool for many network-based systems. The mobile applications which Java enables solve many persistent problems in application distribution and systems management.
Java also raises many of the security issues that come with mobile applications. Java uses the sandbox model to restrict security breaches. This model gives users the advantage of easy, ad-hoc application distribution while protecting them from potentially malicious applications.
Several efforts are underway to further enhance the sandbox model. Future releases of Java will provide applet signing, support for flexible policies, encryption and auditing.
Any organization which is considering adding Java applications or Java-enabled software to its network should carefully consider how Java will affect its security policies. While no set of security policies can ever eliminate all risks from a networked environment, understanding how Java's security model works and what sorts of attacks are possible, keeping current with new developments, and evaluating Java in light of the organization's overall security policy can reduce risks to an acceptable level.
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996