Treffer: Java Security: Web Browsers and Beyond

Title:
Java Security: Web Browsers and Beyond
Authors:
Drew Dean, Edward Felten, Dan Wallach, Dirk Balfanz
Contributors:
The Pennsylvania State University CiteSeerX Archives
Source:
http://www.cs.wisc.edu/~jgast/cs740/papers/java-security2.ps.
Publisher Information:
ACM Press
Publication Year:
1998
Collection:
CiteSeerX
Document Type:
Fachzeitschrift text
File Description:
application/postscript
Language:
English
Relation:
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.26.8857
Availability:
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.26.8857
http://www.cs.wisc.edu/~jgast/cs740/papers/java-security2.ps
Rights:
Metadata may be used without restrictions as long as the oai identifier remains attached to it.
Accession Number:
edsbas.47FD3975
Database:
BASE

Weitere Informationen

The introduction of Java applets has taken the World Wide Web by storm. Java allows web creators to embellish their content with arbitrary programs which execute in the web browser, whether for simple animations or complex front-ends to other services. We examined the Java language and the Sun HotJava, Netscape Navigator, and Microsoft Internet Explorer browsers which support it, and found a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by web application writers and the security needs of their users, and we sug.