• DocumentCode
    3100678
  • Title

    Java Security: A Ten Year Retrospective

  • Author

    Gong, Li

  • Author_Institution
    Mozilla Online Ltd., Beijing, China
  • fYear
    2009
  • fDate
    7-11 Dec. 2009
  • Firstpage
    395
  • Lastpage
    405
  • Abstract
    The first edition of Java (both the language and the platform) was released in 1995, which contained the all-or-nothing security access model. A mid-1997 paper I published in IEEE Micro laid out a vision for the future of Java security, which notably included a model for fine-grained access control, a crypto architecture, and a number of other security mechanisms. The first implementation of these features was officially released in late 1998 as part of the JDK 1.2 platform. Ten years on, the original vision of Java security was largely realized and the overall architecture had in fact been carried over to both the enterprise Java and mobile Java platforms. This paper reflects on lessons - technical and otherwise - learned in the process of designing and implementing the Java security architecture and in the aftermath of its release into the real world.
  • Keywords
    Java; cryptography; software architecture; Java security architecture; access control; crypto architecture; enterprise Java; mobile Java; security access model; Access control; Application software; Computer architecture; Computer security; Cryptography; Java; Magnetic heads; Process design; Runtime; Sun; Java; access control; least privilege; mobile code; safe programming; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2009. ACSAC '09. Annual
  • Conference_Location
    Honolulu, HI
  • ISSN
    1063-9527
  • Print_ISBN
    978-0-7695-3919-5
  • Type

    conf

  • DOI
    10.1109/ACSAC.2009.44
  • Filename
    5380693
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3100678