QuoteRef: deanD5_1996


references c-d
security leaks and weaknesses
object code linkers and loaders
security of remotely executed code
mobile code
range checking
program proving
type-safe and secure languages
type checking


Dean, D., Felten, E.W., Wallach, D.S., "Java security: from HotJava to Netscape and beyond", Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, California, IEEE Computer Society, pp. 190-200, May 1996.

abstract ;;Quote: remotely-loaded code may have security flaws; for example, Java has many, such as covert channels and the lack of a formal security policy
190 ;;Quote: remotely-loaded code should limit access to the file system, CPU, network, graphics display, and internal state
190+;;Quote: a language for remotely-loaded code should have a safe type system, garbage-collection, and carefully managed system calls
191 ;;Quote: a covariant rule for subtyping arrays requires a run-time type check for array stores; otherwise one could copy a larger element into a smaller element
192 ;;Quote: a Java applet can busy-wait, allocate unbounded amounts of memory, or lock critical pieces of the browser
196 ;;Quote: without a formal semantics or a formal type system, one cannot reason about Java or the security properties of its libraries
197 ;;Quote: type checking normally occurs on the abstract syntax tree, which provides context, the type correctness of subexpressions, and one type rule per construct
197+;;Quote: a bytecode verifier must show that all possible execution paths have the same virtual machine configuration; complicates type checking
199 ;;Quote: a teleconferencing applet needs the same access rights as a bugged phone; need an unforgeable capability and an explicit "push to talk"
199 ;;Quote: applets should request capabilities when first loaded with a digital signature to thwart spoofing attacks; otherwise users will disable security checks
199 ;;Quote: an untrusted applet can use a trusted dialog box to gain access to files and other system resources
199 ;;Quote: use natural interfaces instead of security dialogs, e.g., 'Paste to Applet'. Keep the user in control
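The array-subtyping point at p. 191 is easy to see in a few lines. The following is an added illustration, not code from the paper or from Thesa; the class name CovariantArrayStore and the helper tryStore are assumptions chosen for the example. Java treats String[] as a subtype of Object[], so the compiler accepts any Object being stored through the Object[] view; the JVM must therefore check the dynamic element type on every array store (the aastore instruction) and throw ArrayStoreException when it does not match. Without that check the store would succeed and a later read through the String[] reference would treat an Integer as a String, which is exactly the type confusion the paper warns about.

```java
// Added example: why covariant array subtyping forces a run-time check on
// every array store. Class and helper names are assumptions for this example.
public final class CovariantArrayStore {

    /** Write one value into the array through the supertype reference;
     *  return whether the JVM's run-time element-type check accepted it. */
    static boolean tryStore(Object[] cell, Object value) {
        try {
            cell[0] = value;          // aastore: dynamic element-type check here
            return true;
        } catch (ArrayStoreException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String[] strings = new String[1];
        Object[] asObjects = strings; // legal under covariance: String[] <: Object[]

        // A String matches the actual element type: the store is accepted.
        System.out.println("store String:  " + tryStore(asObjects, "hello"));

        // An Integer is an Object, so the compiler allows the assignment,
        // but the underlying array is a String[]: rejected at run time.
        System.out.println("store Integer: " + tryStore(asObjects, Integer.valueOf(42)));

        // The String[] view stays consistent only because the bad store was
        // refused; had it gone through, this call would run String.length()
        // on an Integer's memory.
        String s = strings[0];
        System.out.println("strings[0].length() = " + s.length());

        // Contrast: generic collections are invariant. List<String> is not a
        // List<Object>, so the analogous write is rejected at compile time and
        // no per-store run-time check is needed.
        java.util.List<String> list = new java.util.ArrayList<>();
        // java.util.List<Object> asObjectList = list;   // does not compile
        list.add("only strings here");
        System.out.println("list size = " + list.size());
    }
}
```

Compile and run with `javac CovariantArrayStore.java && java CovariantArrayStore`; the first store reports true, the second false, and the length printed is 5. The invariant-generics contrast at the end is the design alternative the paper's observation points toward: make the type rule sound statically and the run-time check disappears.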

Related Topics

ThesaHelp: references c-d (337 items)
Topic: security leaks and weaknesses (56 items)
Topic: object code linkers and loaders (29 items)
Topic: security of remotely executed code (22 items)
Topic: mobile code (14 items)
Topic: range checking (20 items)
Group: program proving   (10 topics, 310 quotes)
Topic: type-safe and secure languages (42 items)
Group: security   (23 topics, 802 quotes)
Group: type checking   (12 topics, 385 quotes)

Collected barberCB 3/98
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.