Date: Wed, 4 Jun 1997 16:30:25 +1000 (EST)
From: Shelina Gorain <shelina@dstc.qut.edu.au>
To: java-security@web2.javasoft.com, jdk-comments@web2.javasoft.com
Subject: JDK 1.1 security comments
Hello there,
I have had some thoughts on the security benefits of the JDK 1.1
API. I sent a similar message to the Java security news group but didn't
get much clarification. I would appreciate your response to my opinion,
as I may be missing some important information.
From reading papers, news, etc., I have noticed there are two prominent
opinions on Java security: (1) the security model has been too restrictive,
not allowing applets to do anything useful like write to disk; (2) the
security model has numerous implementation as well as design flaws that
have allowed it to be broken by hostile applets.
It seems to me that the JDK 1.1 API is a solution to the first problem of
applets being too restricted by the sandbox. It doesn't, however, solve the
second problem of hostile applets that try to break out of the sandbox.
This is because an applet signed by a trusted source can run as though it
were a local application, but the rest of the applets still run as before,
i.e. in the sandbox, which has had a number of holes up till now.
So far, I am not aware of any way to guard against hostile applets with
the 1.1 API; e.g., there is presently no mechanism to load ONLY applets
from trusted sources.
While I am aware of the Acl interface for access control, I believe this
is not in use until JavaSoft implements it in a future release? Also,
won't the responsibility of the Acl's implementation be with the browser
vendors? Meaning that until the browsers come out with support for Acl
there is no fine-grained access-control support?
In short, at this point in time, it seems to me that there is no mechanism
for improved protection from untrusted applets in the JDK 1.1.
I may have completely misunderstood or overlooked parts of the 1.1 API;
if that's the case, I'm hoping you can point me in the right direction.
Thanks for your help,
___________________________________________________________________
Shelina Gorain shelina@dstc.qut.edu.au
Research Scientist, Security Unit http://www.dstc.qut.edu.au/
Distributed Systems Technology Centre phone: +61 7 3864 5119
Queensland University of Technology fax: +61 7 3864 1282