DocumentCode
1805624
Title
Java security: from HotJava to Netscape and beyond
Author
Dean, Drew ; Felten, Edward W. ; Wallach, Dan S.
Author_Institution
Dept. of Comput. Sci., Princeton Univ., NJ, USA
fYear
1996
fDate
6-8 May 1996
Firstpage
190
Lastpage
200
Abstract
The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.
Keywords
high level languages; internetworking; security of data; HotJava; Java security; Netscape; Web browser; World Wide Web; browsers; bytecode semantics; implementation errors; information servers; security needs; Computer science; HTML; Information security; Java; Memory management; Navigation; Storms; Sun; Web server; Web sites;
fLanguage
English
Publisher
ieee
Conference_Titel
Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
Conference_Location
Oakland, CA
ISSN
1081-6011
Print_ISBN
0-8186-7417-2
Type
conf
DOI
10.1109/SECPRI.1996.502681
Filename
502681