4WWW95: low level security in Java
author: frank yellin, Sun Microsystems
security in Java:
frank told us that Java was originally designed for personal assistant type
systems. the Java programming language is similar to C, but it was designed to
be secure through the following features:
- the complete source code for both the compiler and the interpreter is
available
- the Java language is strictly defined
- no pointer arithmetic available
- garbage collection
- extensive compile-time checking
- class file verification
the bytecodes produced by the Java compiler are executed by means of a
runtime system or emulator for the virtual machine's instruction set. the same
bytecode can be run on any platform for which a virtual machine is available.
before the virtual machine interprets a class file, the latter undergoes a
four-pass verification process to ensure system security:
- verifies correct class file format
- performs all verifications that can be done without actually looking at
the bytecodes
- this most complex pass inspects the bytecodes, performs data flow analysis
and so on. this pass is known as the "bytecode verifier".
- performs tests that were delayed in pass 3 to increase performance
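as an added illustration of the first pass (not code from the talk or from Sun), the following python walks a class file's structure and rejects a wrong magic number, unrecognized constant pool tags, truncation and trailing bytes. the particular checks, the names `Reader`, `FormatError` and `check_class_format`, and the sample bytes are assumptions of this example; it also accepts constant pool tags from class file versions later than the talk.

```python
# Added example, not from the talk; all names here are this example's own.
# Payload size per constant pool tag; tag 1 (Utf8) is length-prefixed instead.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
            15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

class FormatError(Exception): pass

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):               # bounds-checked read of n raw bytes
        if self.pos + n > len(self.data):
            raise FormatError(f"truncated at offset {self.pos}")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def num(self, n):                # big-endian unsigned integer of n bytes
        return int.from_bytes(self.take(n), "big")

def skip_attributes(r):
    for _ in range(r.num(2)):
        r.num(2)                     # attribute_name_index
        r.take(r.num(4))             # attribute_length bytes of payload

def check_class_format(data):
    """Walk the whole file; return (major, minor) or raise FormatError."""
    r = Reader(data)
    if r.num(4) != 0xCAFEBABE:
        raise FormatError("bad magic number")
    minor, major = r.num(2), r.num(2)
    count, i = r.num(2), 1
    while i < count:                 # entries are numbered 1..count-1
        tag = r.num(1)
        if tag != 1 and tag not in CP_SIZES:
            raise FormatError(f"unknown constant pool tag {tag} at entry {i}")
        r.take(r.num(2) if tag == 1 else CP_SIZES[tag])
        i += 2 if tag in (5, 6) else 1   # Long and Double occupy two slots
    r.take(6)                        # access_flags, this_class, super_class
    r.take(2 * r.num(2))             # interfaces
    for _ in range(2):               # fields, then methods (same layout)
        for _ in range(r.num(2)):
            r.take(6)                # access_flags, name_index, descriptor_index
            skip_attributes(r)
    skip_attributes(r)               # class-level attributes
    if r.pos != len(data):
        raise FormatError(f"{len(data) - r.pos} trailing bytes")
    return major, minor

# Constructed sample: empty class "A" extending "B", version 45.3, no members.
SAMPLE = bytes.fromhex("cafebabe0003002d0005" "0100014107000101000142070003"
                       "0021" "0002" "0004" "0000" "0000" "0000" "0000")
```
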
my personal concern: this sounds all very nice, but how do i know that i can
trust the virtual machine?
for more information, see
4WWW95 low level security in Java / 28-jan-1999 (ra) / reto ambühler
!!! This document is stored in the
ETH Web archive and is no longer maintained !!!