The Java Security Architecture: How? and Why?
September 2016 • Presentation
In this tutorial, David Svoboda describes the design of Java's security architecture and its pros and cons.
One of Java’s unique features is the ability to safely run untrusted code such as applets. What is the design of the security architecture? What are the pros and cons of using it? This session presents an overview of Java’s security architecture, focusing on its strengths and weaknesses. It also reviews how the architecture was built and recently exploited. It examines the design, comparing Java’s security architecture with other privilege systems such as UNIX file permissions. The presentation correlates design and coding principles with guidelines from the CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines. Finally, the session focuses on what lessons can be learned from the security architecture.