Java Security

Original version by Tony Stubblebine and Omar Ghaffar. Some slight modifications by Samuel A. Rebelsky.

Security Concerns

Security Features in the Language

Java provides security:

• through Openness
• through being well-defined
• through lack of pointer arithmetic
• through garbage collection
• through strict Compile-Time Checking

Security Features in the Virtual Machine

• A Class Loader loads applet code, enforcing a seperate name space for trusted and untrusted code
• A Verifier ensures that code follows Java language specification, follows name space restrictions, contains no illegal memory management, and contains no illegal typecasts.
• A Security Manager decides what actions an applet is allowed to make

Actions controlled by the Security Manager

Untrusted applets are not allowed to:

• Read, write, get information about or delete files on any system other than the applet's home system.
• Execute operating system commands or native code on any system other than the applet's home system, or load a library.
• Establish network connections to any computer other than the applet's home system.

Hacks and Security Flaws

Run as a trusted applet on the HotJava browser

This vulnerability is present in the Netscape Navigator 2.0 Java implementation and in Release 1.0 of the Java Developer's Kit from Sun Microsystems, Inc. These implementations do not correctly implement the policy that an applet may connect only to the host from which the applet was loaded. Read CERT advisory

Topic: Weaknesses in Java Bytecode Verifier Read CERT Advisory

Extending Java Security

• Security Modeling
• New Security Facilities
• Signed JAR files
• Flexable Policies
• Auditing
• Encription

Links

• Low-level Java Security
• Java Security White Paper (postscript file)
• Sun's Java Security Page
• Hostile Applets Page