
The Security Manager
The Authority that Can Restrict the Activities of Java Code
by Bill Venners
First Published in JavaWorld, October 1997


Security beyond the architecture
To be effective, a computer or network security strategy must be comprehensive. It cannot consist exclusively of a sandbox for running downloaded Java code. For instance, it may not matter much that the Java applets you download from the Internet and run on your computer can't read the word processing file of your top-secret business plan if you:

In the context of a comprehensive security strategy, however, Java's security model can play a useful role.

Security is a tradeoff between cost and risk: The lower the risk of a security breach, the higher the cost of security. The costs associated with any computer or network security strategy must be weighed against the costs that would be associated with the theft or destruction of the information or computing resources being protected. The nature of a computer or network security strategy should be shaped by the value of the assets being protected.

The nice thing about Java's security model is that once you set it up, it does most of the work for you. You don't have to worry about whether a particular program is trusted or not -- the Java runtime will determine that for you. If the program is untrusted, the Java runtime will protect your assets by encasing the untrusted code in a sandbox.

Java's overall security strategy
Just as users of Java software must have a comprehensive security policy appropriate to their requirements, the security strategy of Java technology itself does not rely exclusively on the architectural security mechanisms described in this section. For example, one aspect of Java's security strategy is that anyone can sign a license agreement and get a copy of the source code of Sun's Java Platform implementation. Instead of keeping the internal implementation of Java's security architecture a secret "black box," it is open to anyone who wishes to look at it. This encourages security experts looking for a good technical challenge to seek out security holes in the implementation. When security holes are discovered, they can be patched. Thus, the openness of Java's internal implementation is part of Java's overall security strategy.

Besides openness, there are several other aspects to Java's overall security strategy that don't directly involve its architecture. You can find links to more information about these in the Resources section at the bottom of this article.
