Security Features of Applets in JDK1.2
Members
Shannon Newbold
Project Proposal
With the growing populatity of Java as a programming language to build
applications and applets we need to analyze the security features of
the language, especially when building applets. Java applets are
downloaded by host computers via a web browser and executed. The java
virtual machine creates a secure processes space for each applet to run
in. This secure space is know as the "Java Sandbox." The applet is
restricted to run within the sandbox and cannot go outside the "box" to
access any of the resources on the host machine. From a security
standpoint this, policy does not allow mallicious java applets wreak
havoc on host machines. From the standpoint of a legitimate applet
developer, this policy is much to restrictive.
As a solution to this problem, browser developers, such as Microsoft
and Netscape are pushing for applets that can be granted capabilities,
by the host user, to access resources on the host machine. With the
release of Java1.2 Netscape has released a Capabilities API for java.
Microsoft is working on there own version. In a sense this new API is
giving applets the ability to play outside the "sandbox" created by the
virtual machine.
The goal of this paper is to explore what Netscape and Microsoft are
trying to accomplish with there new API's and are they violating Sun's
Java security policy. Does this also open the door for new class of
"applet" viruses.
Send email to
bishop@cs.ucdavis.edu.
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 4/23/2000