The Java Security Model

• This addresses security of the client machine once an applet has been downloaded and includes processing of security mechanisms such as authentication certificates

• There are three parts of the Java Security model:

  • Byte Code Verifier: checks that the downloaded .class files obey the rules of the Java Virtual Machine
  • Class Loader: makes certain that Java classes have a security structure that prevents outside applets contaminating built in runtime.
  • Security Manager: implements overall policy which depends on particular browser and includes privileges open to applets and processing of authentication mechanisms
  • Note first two parts can have bugs; last part can have both bugs and ill advised policies!

Previous slide

Next slide

Back to first slide

View graphic version