WWW:Beyond the Basics

14 Java Security

14.2 Security Issues

14.2.3 Java Security Model

Java's security allows a user to download and run applets from the Web or an intranet without undue risk to the user's machine. The applet's actions are restricted to its "sandbox", an area of the web browser dedicated to that applet. The applet can do anything within the sandbox, but cannot read or write or alter an data outside of it. The sandbox ensures that even if a user downloads a malicious applet, it cannot damage the local machine.

The sandbox is made up of the following components operating together. [ Fritzinger ]

The next few sections present some security breaches that have been found since Java's release. It should be noted that very few of them are due to language weaknesses. The main weakness with the Java language is that it has neither a formal semantics nor a formal description of its type system although the security relies on the soundness of the type system.

All the security holes mentioned are because of implementation errors, unexpected interaction of browser features, differences between Java semantics and bytecode semantics.

Each of the aforementioned Java security mechanisms are discussed in later sections in detail.

[PREV][NEXT][UP][HOME][VT CS]

Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved

Vijay Sureshkumar <vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996