Towards Secure Downloadable Executable Content: The JAVA Paradigm

  • J. Iliadis
  • S. Gritzalis
  • V. Oikonomou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1516)

Abstract

Java is a programming language that conforms to the concept of downloadable, executable content. Java offers a wide range of capabilities to the application programmer, the most important being that a program may be executed remotely, without any modification, on almost any computer regardless of hardware configuration and operating system differences. However, this advantage raises a serious concern: security. When one downloads and executes code from various Internet sources, he is vulnerable to attacks by the code itself. A security scheme must be applied in order to secure the operations of Java programs. In this paper, the Java security scheme is examined and current implementations are evaluated on the basis of their efficiency and flexibility. Finally, proposed enhancements and upcoming extensions to the security model are described.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [Balfanz,1997]
    D. Balfanz, L. Gong, (1997) “Secure Multi-Processing in Java„.Google Scholar
  2. [Bank, 1995]
    “Java Security”, available at http://www-swiss.ai.mit.edu/~jbank/javapaper.html
  3. [Felten, 1997]
    E.W. Felten, D. Balfanz, D. Dean, D.S. Wallach, (1997) “Web Spoofing: An Internet Con Game„, Proceeedings of the 20 th National Information Systems Security Conference.Google Scholar
  4. [Goldstein,1996]
    Goldstein T., (1996) The Gateway Security Model in the Java Electronic Commerce Framework, JavaSoft, available at http://www.javasoft.com/products/commerce/jectf_gateway.ps
  5. [Gong, 1997a]
    L. Gong, M. Mueller, H. Prafullchandra, R. Schemers, (1997) “Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2„, Proceedings of the USENIX Symposium on Internet Technologies and Systems.Google Scholar
  6. [Gong, 1997b]
    L. Gong, (1997) “New Security Architectural Directions for Java„, Proceedings of IEEE COMPCON).Google Scholar
  7. [Gong, 1998]
    L. Gong, R. Schemers (1998) “Implementing Protection Domains in the Java Development Kit 1.2„, Proceedings of the 1998 Network and Distributed Systems Security Symposium, Internet SocietyGoogle Scholar
  8. [Gritzalis, 1991]
    Gritzalis D., (1991) Information Systems Security, Greek Computer Society Publications (in Greek).Google Scholar
  9. [Martin, 1997]
    Martin D., Rajagopalan S., Rubin A., (1997) Blocking Java Applets at the Firewall, Proceedings of the SNDSS 1997 Symposium on Network and Distributed System Security, pp.123–133, IEEE Computer Society Press.Google Scholar
  10. [McGraw, 1996]
    McGraw G., Felten E., (1996) Java Security Hostile Applets, Holes and Antidotes, J. Wiley & Sons Inc.Google Scholar
  11. [Sun, 1997a]
    Sun Microsystems, (1997) Secure Computing with Java: Now and the Future, at http://java.sun.com/marketing/collateral/security.html
  12. [Sun, 1997b]
    The Java Virtual Machine Specification, (1997) available in the Web at http://java.sun.com/docs/books/vmspec/
  13. [Sun, 1997c]
    Sun Microsystems, (1997) Frequently Asked Questions - Applet Security, at http://java.sun.com/sfaq/
  14. [Wallach, 1997]
    D.S. Wallach, D. Balfanz, D. Dean, E.W. Felten, (1997) “Extensible Security Architectures for Java„, Proceedings of the 16th Symposium on Operating Systems Principles.Google Scholar
  15. [Zhang, 1997] X.N. Zhang, “Secure Code Distribution„, (1997) IEEE Computer.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg Berlin Heidelberg 1998

Authors and Affiliations

  • J. Iliadis
    • 1
    • 2
  • S. Gritzalis
    • 1
    • 2
  • V. Oikonomou
    • 2
  1. 1.Department of Information & Communication SystemsUniversity of the AegeanAthensGreece
  2. 2.Department of InformaticsTechnological Educational Institute (T.E.I.) of AthensAegaleoGreece

Personalised recommendations