This paper provides a high-level overview of the development and evolution of Java™ security. Java is a maturing technology that has evolved from its commercial origins as a browser-based scripting tool. We review the various deployment environments in which Java is being targeted, some of its run-time characteristics, the security features in the current releases of the base technology, the new Java Development Kit (JDK™) 1.2 policy-based security model, limitations of stack-based authorization security models, general security requirements, and future directions that Java security might take. IBM initiatives in Java security take into account our customers' desire to deploy Java-based enterprise solutions. Since JDK 1.2 was entering beta test at the time this paper was written, some operational changes and enhancements may result from industry feedback by the time JDK 1.2 becomes generally available.