Java Sandbox
Another layer of security protection is commonly referred to as the sandbox model: untrusted code is placed in a sandbox, where it can play safely without doing any damage to the real world or to the full Java environment. When an applet or other untrusted code is running in the sandbox, there are a number of restrictions on what it can do. The most obvious of these restrictions is that it has no access to the local file system.
Security Manager
The Security Manager class enforces a number of other restrictions. All the core Java classes that perform sensitive operations, such as filesystem access, first have to ask permission from the currently installed Security Manager. If the call is being made by untrusted code, the Security Manager throws an exception and the operation is not permitted.
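The check described above, as an added example that is not part of the original post: a hypothetical SecurityManager subclass that refuses file reads outside an assumed sandbox directory (/tmp/sandbox/), so that FileInputStream, which consults the installed manager before opening a file, fails with SecurityException. SecurityManager is deprecated since Java 17 and from Java 18 the JVM must be started with -Djava.security.manager=allow for System.setSecurityManager to succeed.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Permission;

public class SandboxDemo {
    /** Hypothetical manager: denies file reads outside ALLOWED, permits everything else. */
    static final class ReadOnlySandbox extends SecurityManager {
        private static final String ALLOWED = "/tmp/sandbox/"; // assumed sandbox root

        @Override
        public void checkPermission(Permission perm) {
            // Deliberately permissive so the demo stays focused on file access;
            // a real policy would consult a permission set here.
        }

        @Override
        public void checkRead(String file) {
            // FileInputStream(String) calls this before the file is opened.
            if (!file.startsWith(ALLOWED)) {
                throw new SecurityException("sandbox: read denied for " + file);
            }
        }
    }

    /** Returns "denied" when the Security Manager refuses the read, "allowed" otherwise. */
    static String tryRead(String path) {
        try (FileInputStream in = new FileInputStream(path)) {
            in.read();
            return "allowed";
        } catch (SecurityException e) {
            return "denied";              // blocked by the sandbox before any I/O happened
        } catch (IOException e) {
            return "allowed";             // check passed; file missing or unreadable at OS level
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new ReadOnlySandbox());
        System.out.println("/etc/passwd -> " + tryRead("/etc/passwd"));            // denied
        System.out.println("/tmp/sandbox/x -> " + tryRead("/tmp/sandbox/data.txt")); // allowed
    }
}
```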
Digital Signatures
Finally, by attaching a digital signature to Java code, the origin of that code can be established in a cryptographically secure and unforgeable way. If a person or organization is specified to be trusted, then code that bears the digital signature of that trusted entity is also trusted, even when loaded over the network, and it may be run without the restrictions of the sandbox model.
Java Virtual Machine (JVM)
All in all, Java security is the task of the Java Virtual Machine in the web browser, which means that once again security is placed in a layer above the operating system, and everything rests on the integrity of that operating system. Additionally, a lot of bugs have been reported by the Princeton Secure Internet Programming Group, often involving breaks in the type system.
Java Security Summation
It turns out that the security mechanisms described cannot give us enough assurance. Hence, there are many reasons to stay nervous about letting applets through a firewall and into a browser. If security is of paramount importance, applets should be blocked.