Java security

from HotJava to Netscape and beyond

Drew Dean, Edward William Felten, Dan S. Wallach

Research output: Contribution to journal › Article

102 Citations (Scopus)

Abstract

The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.

Original language: English (US)
Pages (from-to): 190-200
Number of pages: 11
Journal: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy
State: Published - Jan 1 1996

Fingerprint

Defects
Servers
Web browsers
World Wide Web
Semantics

All Science Journal Classification (ASJC) codes

  • Software

Cite this

@article{265e6a46b7ca4b56901212025974d2dc,
title = "Java security: from HotJava to Netscape and beyond",
abstract = "The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.",
author = "Drew Dean and Felten, {Edward William} and Wallach, {Dan S.}",
year = "1996",
month = "1",
day = "1",
language = "English (US)",
pages = "190--200",
journal = "Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy",
issn = "1063-7109",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

Java security: from HotJava to Netscape and beyond. / Dean, Drew; Felten, Edward William; Wallach, Dan S.

In: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, 01.01.1996, p. 190-200.

TY - JOUR

T1 - Java security

T2 - from HotJava to Netscape and beyond

AU - Dean, Drew

AU - Felten, Edward William

AU - Wallach, Dan S.

PY - 1996/1/1

Y1 - 1996/1/1

N2 - The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.

UR - http://www.scopus.com/inward/record.url?scp=0029697575&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0029697575&partnerID=8YFLogxK

M3 - Article

SP - 190

EP - 200

JO - Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy

JF - Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy

SN - 1063-7109

ER -