Java Security: From HotJava to Netscape and Beyond
Abstract:
The introduction of Java applets has taken the World Wide Web by storm. Information servers
can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine
the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which
compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions
between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the
language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used
in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired
by Web application writers and the security needs of their users, and we suggest how both might be accommodated.
Published
1996 IEEE Symposium on Security and Privacy (Oakland, California), May 1996.
Text
PostScript (144 KB), gzip'd PostScript (50 KB), PDF (Adobe Acrobat 2.1) (156 KB)
Slides
- Bell Labs Talk, 5 April 1996, 35 slides, one per page: PostScript (518 KB), gzip'd PostScript (50 KB), PDF (Adobe Acrobat 2.1) (338 KB)
- Bell Labs Talk, 5 April 1996, 35 slides, two per page: PostScript (370 KB), gzip'd PostScript (44 KB), PDF (Adobe Acrobat 2.1) (199 KB)
- IEEE Symposium on Security and Privacy, 6-8 May 1996, 14 slides, one per page: PostScript (556 KB), gzip'd PostScript (275 KB), PDF (Adobe Acrobat 2.1) (65 KB)
- "Java Policies", 6 slides, one per page: PostScript (37 KB), gzip'd PostScript (6 KB), PDF (Adobe Acrobat 2.1) (37 KB)
See Also
Java Security: Web Browsers and Beyond. Drew Dean, Edward W. Felten, Dan S. Wallach, and Dirk Balfanz. In Internet Besieged: Countering Cyberspace Scofflaws, Dorothy E. Denning and Peter J. Denning, eds. ACM Press (New York, New York), October 1997.
Security Flaws in the HotJava Web Browser. Drew Dean and Dan S. Wallach. Technical Report 501-95, Department of Computer Science, Princeton University, November 1995.