Java Security Model For Mobile Code
Abdo Achkar

Mobile Code
• Definition: Code that can be transmitted across a network and executed on the other end.
• A mobile object is a “self-contained piece” of executable code.
• Mobile code is dynamically loaded and executed by standalone programs. Ex: Browsers

Advantages Of Mobile Code In Distributed Systems
• Eliminates installation problems of desktop applications.
• Favors portability to different platforms.
• Enhances scalability of client/server applications.
• Reduces software distribution costs.

Criteria For Mobile Code
• Safe environment of execution
• Platform independence
• Life cycle control
• Security

How Does Java Ensure These Criteria?
Safety features built into the JVM
• Type-safe reference casting
• Structured memory access
• Automatic garbage collection
• Array bounds checking
• Checking references for null

How Does Java Ensure These Criteria? (Cont’)
The class loader architecture
• Primordial class loader (trusted)
• Class loader for other classes (untrusted)
• Every namespace has its own loader
• The class loader checks to make sure that the class does not declare itself to be a member of a trusted package

How Does Java Ensure These Criteria? (Cont’)
The class-file verifier
• Checks format and internal consistency
• Bytecode verifier
  • Checks that no local variable is accessed before instantiation
  • Checks that class fields are assigned values of the proper type
  • Checks the number and type of method arguments

Class Verifier (Cont’)
Phase two and dynamic linking
• Finding the class being referenced
• Replacing symbolic references with direct references (and remembering them)

How Does Java Ensure These Criteria? (Cont’)
The security manager
• Defines the limits of the “sandbox”
• Is consulted for permission for every potentially dangerous action
• List of possible dangerous behaviors supported by security managers:
  • Accepting/opening sockets
  • Modifying/creating threads
  • Creating new class loaders
  • Creating new processes
  • Loading DLLs
  • Deleting/reading/writing from and to a file

Advantages of using Java in mobile code
• Unlike traditional software, Java allows working with software that comes from sources you do not fully trust.
• Java’s openness allows security holes to be identified and patched.
• Java is platform independent
• Java is free
• Java code is robust (otherwise the loader/verifier would throw exceptions)

Disadvantages of Java
• Slow due to all the checks it performs
• Does not allow low-level control of hardware without having to call natives (can be a security advantage)
• Every class extends the class Object. This adds a lot of overhead to the program.
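
The security manager slide says the manager is consulted before every potentially dangerous action. The sketch below is an added example, not code from the original slides: a hypothetical `SandboxManager` denies file write/delete, process creation and socket use, while `untrustedCode()` stands in for downloaded code. It assumes JDK 17 or earlier, where `System.setSecurityManager` is still permitted (the API is deprecated); the class names, file name and policy are assumptions made for illustration.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.Permission;

// Added example, not from the original slides. Assumes JDK 17 or earlier,
// where System.setSecurityManager is still permitted (the API is deprecated).
public class SandboxDemo {

    // Hypothetical policy: deny file write/delete, process creation and sockets.
    static class SandboxManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            boolean deny = perm instanceof SocketPermission;
            if (perm instanceof FilePermission) {
                String a = perm.getActions();
                deny = a.contains("write") || a.contains("delete") || a.contains("execute");
            }
            if (deny) {
                // String.concat avoids invokedynamic bootstrapping inside the check.
                throw new SecurityException("sandbox denied: ".concat(perm.toString()));
            }
            // Everything else (file reads, property access, ...) is allowed in this demo.
        }
    }

    // Stands in for downloaded code; each dangerous call reaches the manager first.
    static void untrustedCode() throws Exception {
        try {
            new File("report.txt").delete();          // library calls checkDelete
        } catch (SecurityException e) { System.out.println(e.getMessage()); }
        try {
            Runtime.getRuntime().exec("hostname");    // library calls checkExec
        } catch (SecurityException e) { System.out.println(e.getMessage()); }
        try {
            new Socket("localhost", 80).close();      // library calls checkConnect
        } catch (SecurityException e) { System.out.println(e.getMessage()); }
        // A harmless action is checked too, but this policy lets it through.
        System.out.println(System.getProperty("java.version"));
    }

    public static void main(String[] args) throws Exception {
        System.setSecurityManager(new SandboxManager());
        untrustedCode();
    }
}
```

The three dangerous calls each print a "sandbox denied" line naming the permission that was refused, and only the property read completes.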