Java security

L. Peter Deutsch (ghost@aladdin.com)
Fri, 3 Oct 97 06:02 PDT

Message-Id: <m0xH7Mr-000R25C@lamp.aladdin.com>
Date: Fri, 3 Oct 97 06:02 PDT
From: "L. Peter Deutsch" <ghost@aladdin.com>
To: gong@games.eng.sun.com
Subject: Java security

>> Given the security problems with Java ...
>
> I was forwarded your message above (full msg below). Given that I am
> responsible for overall Java security, I am interested to hear what
> specific security problems you were thinking of and why these had an
> impact on what you were discussing. (Please CC me on your reply.) Thanks.

I would have to do some digging to find the articles that led me to make the
above comment. There are several general classes of security problems with
Java that have been widely reported in the public press:

1) Java has no security kernel. Security in Java depends on an
enormous amount of widely dispersed code being bug-free.

2) The definition of what security guarantees are being provided is
unclear. For example, without a clear model of what it means for an access
to be authorized, the question of whether an unauthorized access has
occurred is unclear.

3) Because Java has no model of resource allocation,
denial-of-service problems are not dealt with.

4) The Java VM definition does not specify precisely what
constitutes legal compiled code: it specifies neither what properties of
compiled code are sufficient to guarantee legal execution by all conforming
VMs, nor how those properties are verified by the loader. It is therefore
possible for rogue bytecode to exploit weaknesses in particular
implementations of the checker or in the VM's execution machinery,
implementations which may nevertheless conform to the published
specifications.

Any of the above is sufficient to create security concerns with execution of
downloaded content (applets).

I have not been reading the java-security list: I base the above comments on
examples of all of the above problems that have appeared in the public
press. If solutions to these problems have been found, implemented, and
published, please let us know the references.

-- 

L. Peter Deutsch         | Aladdin Enterprises :::: ghost@aladdin.com
203 Santa Margarita Ave. | tel. +1-650-322-0103 (AM only); fax +1-650-322-1734
                         | ** NOTE ^^^ NEW AREA CODE AS OF AUG. 1 ^^^ **
Menlo Park, CA 94025     | http://www.cs.wisc.edu/~ghost/index.html
        "Few things are impossible to diligence and skill."