Chapter 13
Java Security

The Internet has seen phenomenal growth and development in the last several years with more and more people hooking up, and more and more standards for connectivity and transport being developed. What was once a medium for basic Telnet, e-mail, and FTP protocols now carries full multimedia data including voice, video, three-dimensional worlds, and now cross-platform applications in the form of the Java environment developed by Sun Microsystems.

The Java environment provides the means for distributing dynamic content through applets in HyperText documents, platform-independent standalone applications, and protocol handlers. This functionality supplies the features to develop the future of the Internet—features such as intelligent agents, interactive 3D worlds, and self-updating software and multimedia titles.

Java provides this functionality through its object-oriented structure, robust environment, multithreading capability, and ease of use. Consequently, Java creates demanding applications, such as VRML engines and intelligent agents, which will be required for realizing the anticipated future of the Internet. Understanding the architecture of the Java environment and how this relates to security is the first step in realizing the potential of Java in this future and the wider world of distributed computing.

Java presents an unusual security situation for a system administrator. Many security techniques focus on attempting to keep unauthorized access and program execution from transmitting over the Internet. With Java, you are allowing executables downloaded from the Internet to be executed right on the system. Although this provides a very powerful application tool, it can be quite unsettling in terms of security.

Two primary issues arise in protecting systems from distributed executables such as Java. First, the Java runtime environment must protect against intentional attacks that applets may attempt when they are downloaded onto a machine. These attacks primarily include accessing or damaging the file system or critical memory areas of a client computer. Second, the Java programming language and runtime environment must be able to protect a system from unintentional problems that may arise due to programming error. These errors, if allowed to execute, can cause system crashes or data corruption if they occur at critical times.

Because of the danger that is associated with allowing foreign programs to run on a client machine, the design of Java is in many ways dictated by the requirement that the executables be unable to carry out intentional or unintentional attacks on the underlying system, while at the same time providing a flexible and powerful development environment.

This chapter covers how the Java environment and language protects against these kinds of attacks, and what system administrators and users should be aware of in this new era of distributed computing. This chapter is divided into several sections, each detailing different aspects of the Java system.

•  Java’s functionality. This section provides a brief overview of the Java environment and the features it provides in order to give the reader an understanding of how Java might be used in a networked system.

•  History of the Java language. This section covers the history of the language itself.

•  Main features of the Java environment. This section covers the language and architecture of Java in more specific detail and includes explanations of key protective layers that Java implements to keep executables in line.

•  From class file to execution. This section covers the entire process of how a Java program is created and executed on a client machine, and shows the steps taken to ensure that code will not be able to carry out destructive activities.

•  The Java Virtual Machine. The Java Virtual Machine (JVM) is the machine language specification that the interpreter implements, and for which the compiler creates code. This specification is designed around the particular problems that arise from the distributed, yet necessarily secure nature of the language.

•  Setting up Java security features. This section covers the settings that can be set by the client-side Java user to define the levels of security when running Java applets.

The amazing potential of Java must also be tempered by the reality of a totally connected environment and the security risks that this entails. Even if a programmer doesn’t intend to cause problems on a client machine, in critical applications, even the smallest bug can wreak havoc. If someone is intentionally trying to cause damage, the problem becomes even worse. The Java system is designed to prevent both of these kinds of behavior in programs. Before exploring the specific features of the Java environment and how they provide for secure client-side execution, it is important to understand the functionality and features that make Java an important and powerful new tool in the development of the Internet.