Abstract
Java is a programming language that conforms to the concept of downloadable, executable content. Java offers a wide range of capabilities to the application programmer, the most important being that a program may be executed remotely, without any modification, on almost any computer regardless of hardware configuration and operating system differences. However, this advantage raises a serious concern: security. When one downloads and executes code from various Internet sources, he is vulnerable to attacks by the code itself. A security scheme must be applied in order to secure the operations of Java programs. In this paper, the Java security scheme is examined and current implementations are evaluated on the basis of their efficiency and flexibility. Finally, proposed enhancements and upcoming extensions to the security model are described.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
D. Balfanz, L. Gong, (1997) “Secure Multi-Processing in Java„.
“Java Security”, available at http://www-swiss.ai.mit.edu/~jbank/javapaper.html
E.W. Felten, D. Balfanz, D. Dean, D.S. Wallach, (1997) “Web Spoofing: An Internet Con Game„, Proceeedings of the 20 th National Information Systems Security Conference.
Goldstein T., (1996) The Gateway Security Model in the Java Electronic Commerce Framework, JavaSoft, available at http://www.javasoft.com/products/commerce/jectf_gateway.ps
L. Gong, M. Mueller, H. Prafullchandra, R. Schemers, (1997) “Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2„, Proceedings of the USENIX Symposium on Internet Technologies and Systems.
L. Gong, (1997) “New Security Architectural Directions for Java„, Proceedings of IEEE COMPCON).
L. Gong, R. Schemers (1998) “Implementing Protection Domains in the Java Development Kit 1.2„, Proceedings of the 1998 Network and Distributed Systems Security Symposium, Internet Society
Gritzalis D., (1991) Information Systems Security, Greek Computer Society Publications (in Greek).
Martin D., Rajagopalan S., Rubin A., (1997) Blocking Java Applets at the Firewall, Proceedings of the SNDSS 1997 Symposium on Network and Distributed System Security, pp.123–133, IEEE Computer Society Press.
McGraw G., Felten E., (1996) Java Security Hostile Applets, Holes and Antidotes, J. Wiley & Sons Inc.
Sun Microsystems, (1997) Secure Computing with Java: Now and the Future, at http://java.sun.com/marketing/collateral/security.html
The Java Virtual Machine Specification, (1997) available in the Web at http://java.sun.com/docs/books/vmspec/
Sun Microsystems, (1997) Frequently Asked Questions - Applet Security, at http://java.sun.com/sfaq/
D.S. Wallach, D. Balfanz, D. Dean, E.W. Felten, (1997) “Extensible Security Architectures for Java„, Proceedings of the 16th Symposium on Operating Systems Principles.
[Zhang, 1997] X.N. Zhang, “Secure Code Distribution„, (1997) IEEE Computer.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg Berlin Heidelberg
About this paper
Cite this paper
Iliadis, J., Gritzalis, S., Oikonomou, V. (1998). Towards Secure Downloadable Executable Content: The JAVA Paradigm. In: Ehrenberger, W. (eds) Computer Safety, Reliability and Security. SAFECOMP 1998. Lecture Notes in Computer Science, vol 1516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49646-7_9
Download citation
DOI: https://doi.org/10.1007/3-540-49646-7_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65110-9
Online ISBN: 978-3-540-49646-5
eBook Packages: Springer Book Archive