18-01-2011, 12:54 PM
Abstract
Whenever someone uses a Java-enabled browser like Netscape Navigator or Microsoft Internet Explorer to surf the Web, he becomes a java user. All Java users are taking security risks, because most java code is automatically downloaded across the network and runs on the user's machine. The hostile Java programs could trash their machine. Fortunately, the creators of Java made a good effort to protect users from these hazards. Security for the Java Platform has multiple layers. First of all, the Java language is strongly typed and does not include any unsafe constructs, such as array accesses without index checking. Second, mechanisms (for example, class loaders) are in place to ensure a sufficient degree of separation between multiple Java programs. Third, access to crucial system resources is mediated by the Java virtual machine. A security manager is installed to deny all requests for unauthorized access. The Java 2 and the latest version incorporate a security architecture that support policy-driven, fine-grained, flexible, and extensible access control. This thesis is meant to introduce basic concepts of Java and about risks, and to provide a general overview of Java security in distributed program environments and give references for more detailed information.
Whenever someone uses a Java-enabled browser like Netscape Navigator or Microsoft Internet Explorer to surf the Web, he becomes a java user. All Java users are taking security risks, because most java code is automatically downloaded across the network and runs on the user's machine. The hostile Java programs could trash their machine. Fortunately, the creators of Java made a good effort to protect users from these hazards. Security for the Java Platform has multiple layers. First of all, the Java language is strongly typed and does not include any unsafe constructs, such as array accesses without index checking. Second, mechanisms (for example, class loaders) are in place to ensure a sufficient degree of separation between multiple Java programs. Third, access to crucial system resources is mediated by the Java virtual machine. A security manager is installed to deny all requests for unauthorized access. The Java 2 and the latest version incorporate a security architecture that support policy-driven, fine-grained, flexible, and extensible access control. This thesis is meant to introduce basic concepts of Java and about risks, and to provide a general overview of Java security in distributed program environments and give references for more detailed information.