Title :
Java Security: A Ten Year Retrospective
Author_Institution :
Mozilla Online Ltd., Beijing, China
Abstract :
The first edition of Java (both the language and the platform) was released in 1995, which contained the all-or-nothing security access model. A mid-1997 paper I published in IEEE Micro laid out a vision for the future of Java security, which notably included a model for fine-grained access control, a crypto architecture, and a number of other security mechanisms. The first implementation of these features was officially released in late 1998 as part of the JDK 1.2 platform. Ten years on, the original vision of Java security was largely realized and the overall architecture had in fact been carried over to both the enterprise Java and mobile Java platforms. This paper reflects on lessons - technical and otherwise - learned in the process of designing and implementing the Java security architecture and in the aftermath of its release into the real world.
Keywords :
Java; cryptography; software architecture; Java security architecture; access control; crypto architecture; enterprise Java; mobile Java; security access model; Access control; Application software; Computer architecture; Computer security; Cryptography; Java; Magnetic heads; Process design; Runtime; Sun; Java; access control; least privilege; mobile code; safe programming; security;
Conference_Titel :
Computer Security Applications Conference, 2009. ACSAC '09. Annual
Conference_Location :
Honolulu, HI
Print_ISBN :
978-0-7695-3919-5
DOI :
10.1109/ACSAC.2009.44
