• DocumentCode
    1805624
  • Title

    Java security: from HotJava to Netscape and beyond

  • Author

    Dean, Drew ; Felten, Edward W. ; Wallach, Dan S.

  • Author_Institution
    Dept. of Comput. Sci., Princeton Univ., NJ, USA
  • fYear
    1996
  • fDate
    6-8 May 1996
  • Firstpage
    190
  • Lastpage
    200
  • Abstract
    The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.
  • Keywords
    high level languages; internetworking; security of data; HotJava; Java security; Netscape; Web browser; World Wide Web; browsers; bytecode semantics; implementation errors; information servers; security needs; Computer science; HTML; Information security; Java; Memory management; Navigation; Storms; Sun; Web server; Web sites;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-8186-7417-2
  • Type

    conf

  • DOI
    10.1109/SECPRI.1996.502681
  • Filename
    502681