Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date


The Java Security Architecture: How? and Why?

  • September 2016
  • By David Svoboda
  • In this tutorial, David Svoboda describes the design of Java's security architecture and its pros and cons.
  • Secure Coding
  • Publisher: JavaOne
  • Abstract

    One of Java’s unique features is the ability to safely run untrusted code such as applets. What is the design of the security architecture? What are the pros and cons of using it? This session presents an overview of Java’s security architecture, focusing on its strengths and weaknesses. It also reviews how the architecture was built and recently exploited. It examines the design, comparing Java’s security architecture with other privilege systems such as UNIX file permissions. The presentation correlates design and coding principles with guidelines from the CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines. Finally, the session focuses on what lessons can be learned from the security architecture.

Presentation Information

Published by JavaOne

View Presentation