Java Security: From HotJava to Netscape and Beyond

Get BibTex-formatted data

Author

Drew Dean,Edward W. Felten,Dan S. Wallach

Entry type

inproceedings

Abstract

The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browswer. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browswers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.

Date

1996 – May

URL

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=502681

Institution

IEEE

Key alpha

Dean

Note

To appear in the 1996 IEEE Symposium on Security an Privacy

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Inproceedings{ Dean,
	title = "Java Security: From HotJava to Netscape and Beyond",
	author = "Drew Dean,Edward W. Felten,Dan S. Wallach",
	year = "1996",
	month = "May",
	institution = "IEEE",
	note = "To appear in the 1996 IEEE Symposium on Security an Privacy",
	abstract = "The introduction of Java applets has taken the World Wide Web by storm.
Information servers can customize the presentation of their content with
server-supplied code which executes inside the Web browswer. We examine
the Java language and both the HotJava and Netscape browsers which support
it, and find a significant number of flaws which compromise their security.
These flaws arise for several reasons, including implementation errors,
unintended interactions between browser features, differences between the
Java language and bytecode semantics, and weaknesses in the design of the
language and the bytecode format. On a deeper level, these flaws arise
because of weaknesses in the design methodology used in creating Java and
the browswers. In addition to the flaws, we discuss the underlying tension
between the openness desired by Web application writers and the security
needs of their users, and we suggest how both might be accommodated.",
	url = "http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=502681",
}