Mobile Code and Security: Why Java Security Is Important
Section 6 -- Securing Java
Security risks fall into four basic categories: system modification, invasion of privacy, denial of service, and antagonism. These four categories of risk are discussed in detail in Chapter 2. The first two of our risk categories are handled moderately well by Java; the second two are not. Risks are particularly egregious in Java since exploiting vulnerabilities is simply a matter of booby-trapping a Web page with a malicious applet or two. Chapter 4, "Malicious Applets: Avoiding a Common Nuisance," and Chapter 5, "Attack Applets: Exploiting Holes in the Security Model," discuss two distinct forms of hostile applets. Java applets with bad intentions (exploit scripts) are the equivalent of every security administrator's nightmare [Garfinkel and Spafford, 1996].
Java's designers are well aware of many of the risks associated with mobile code. To combat these risks, Java was specifically designed with security concerns in mind. The main goal was to address the security issue head-on so that naïve users (most of the millions of Netscape Navigator and Internet Explorer users) would not have to become security experts just to surf the Web.
In its default form, Java presents a multitiered approach to security. At a general level, the tiers include:
- Restricted access to file systems and the network
- Restricted access to browser internals
- A set of load time and runtime checks to verify that byte code is following the rules
- A system for signing code and assigning it some level of capability
The Java security model will be detailed in Chapter 2 and Chapter 3. Many claims have been made about the security of the Java language. We will try to separate reality from marketing hype in order to better understand the Java security model.
Java also provides a set of tools with which a developer can produce security-critical code (for both applets and applications). In addition to a number of advanced language features like array bounds checking and byte code validation, Java provides:
- A set of cryptographic APIs for standard algorithms
- Cryptography engines that provide the guts for a small subset of the APIs
- A strong, stack-based security system
Although this book is not just a guide to Java's security APIs, we will discuss Java's security functionality in detail. In particular, we will emphasize that no computer language as powerful as Java makes writing security-critical code automatic or easy.
Copyright ©1999 Gary McGraw and Edward Felten.
All rights reserved.
Published by John Wiley & Sons, Inc.