Skip to main content

Towards Secure Downloadable Executable Content: The JAVA Paradigm

  • 352 Accesses

Part of the Lecture Notes in Computer Science book series (LNCS,volume 1516)

Abstract

Java is a programming language that conforms to the concept of downloadable, executable content. Java offers a wide range of capabilities to the application programmer, the most important being that a program may be executed remotely, without any modification, on almost any computer regardless of hardware configuration and operating system differences. However, this advantage raises a serious concern: security. When one downloads and executes code from various Internet sources, he is vulnerable to attacks by the code itself. A security scheme must be applied in order to secure the operations of Java programs. In this paper, the Java security scheme is examined and current implementations are evaluated on the basis of their efficiency and flexibility. Finally, proposed enhancements and upcoming extensions to the security model are described.

Keywords

  • Security Policy
  • Java Code
  • Java Virtual Machine
  • Java Programming Language
  • Secure Socket Layer

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/3-540-49646-7_9
  • Chapter length: 11 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-540-49646-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.00
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. D. Balfanz, L. Gong, (1997) “Secure Multi-Processing in Java„.

    Google Scholar 

  2. “Java Security”, available at http://www-swiss.ai.mit.edu/~jbank/javapaper.html

  3. E.W. Felten, D. Balfanz, D. Dean, D.S. Wallach, (1997) “Web Spoofing: An Internet Con Game„, Proceeedings of the 20 th National Information Systems Security Conference.

    Google Scholar 

  4. Goldstein T., (1996) The Gateway Security Model in the Java Electronic Commerce Framework, JavaSoft, available at http://www.javasoft.com/products/commerce/jectf_gateway.ps

  5. L. Gong, M. Mueller, H. Prafullchandra, R. Schemers, (1997) “Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2„, Proceedings of the USENIX Symposium on Internet Technologies and Systems.

    Google Scholar 

  6. L. Gong, (1997) “New Security Architectural Directions for Java„, Proceedings of IEEE COMPCON).

    Google Scholar 

  7. L. Gong, R. Schemers (1998) “Implementing Protection Domains in the Java Development Kit 1.2„, Proceedings of the 1998 Network and Distributed Systems Security Symposium, Internet Society

    Google Scholar 

  8. Gritzalis D., (1991) Information Systems Security, Greek Computer Society Publications (in Greek).

    Google Scholar 

  9. Martin D., Rajagopalan S., Rubin A., (1997) Blocking Java Applets at the Firewall, Proceedings of the SNDSS 1997 Symposium on Network and Distributed System Security, pp.123–133, IEEE Computer Society Press.

    Google Scholar 

  10. McGraw G., Felten E., (1996) Java Security Hostile Applets, Holes and Antidotes, J. Wiley & Sons Inc.

    Google Scholar 

  11. Sun Microsystems, (1997) Secure Computing with Java: Now and the Future, at http://java.sun.com/marketing/collateral/security.html

  12. The Java Virtual Machine Specification, (1997) available in the Web at http://java.sun.com/docs/books/vmspec/

  13. Sun Microsystems, (1997) Frequently Asked Questions - Applet Security, at http://java.sun.com/sfaq/

  14. D.S. Wallach, D. Balfanz, D. Dean, E.W. Felten, (1997) “Extensible Security Architectures for Java„, Proceedings of the 16th Symposium on Operating Systems Principles.

    Google Scholar 

  15. [Zhang, 1997] X.N. Zhang, “Secure Code Distribution„, (1997) IEEE Computer.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg Berlin Heidelberg

About this paper

Cite this paper

Iliadis, J., Gritzalis, S., Oikonomou, V. (1998). Towards Secure Downloadable Executable Content: The JAVA Paradigm. In: Ehrenberger, W. (eds) Computer Safety, Reliability and Security. SAFECOMP 1998. Lecture Notes in Computer Science, vol 1516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49646-7_9

Download citation

  • DOI: https://doi.org/10.1007/3-540-49646-7_9

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-65110-9

  • Online ISBN: 978-3-540-49646-5

  • eBook Packages: Springer Book Archive