Understanding JVM and the Implications of Sandbox Model
Java is a technology from Oracle (formerly: Sun Microsystems).Since 1995, when Java was first presented; there has been strong and growing interest for java security. Java can be defined as a general-purpose, concurrent, class-based, object-oriented computer programming language that is specifically designed to have as few implementation dependencies as possible. This language is intended to let application developers "write once, run anywhere" (WORA), meaning that code that runs on one platform does not need to be recompiled to run on another. This means that the Java applications are typically compiled to bytecode (class file) that can run on any Java virtual machine (JVM) regardless of computer architecture.
In Java language/platform one of the main design considerations is to provide a secure environment for executing mobile code. Java language is widely used and has its own unique set of security challenges. With the help of the Java security architecture we can protect users and systems from hostile programs downloaded over a network, it cannot defend against implementation bugs that occur in trusted code. The bugs in our code can inadvertently open the very holes that the security architecture was designed to contain, including access to files, printers, webcams, microphones, and the network from behind firewalls. In severe cases local programs may be executed or Java security disabled. These bugs can potentially be used to turn the machine into a zombie computer, steal confidential data from machine and intranet, spy through attached devices, prevent useful operation of the machine, assist further attacks, and many other malicious activities. The choice of language system impacts the robustness of any software program. The Java language and virtual machine provides us with many features to mitigate common programming mistakes.
In today’s world hacking is done for both ethical and unethical reasons. A lot of security professionals and hackers are permanently trying to break out each security system, and they use more and more sophisticated ideas, approaches and tools. So software systems producers have also to improve their products permanently, and make them more reliable, secure and proof to different kinds of attacks.
The Java platform was designed keeping in mind security. As we know at its core, the Java language itself is type-safe and provides automatic garbage collection, enhancing the robustness of application code. A secure class loading and verification mechanism ensures that only legitimate Java code is executed. Java programs and libraries check for illegal state at the earliest opportunity. These features also make Java programs immune to the stack-smashing and buffer overflow attacks possible in the C and to a lesser extent C++ programming languages. These attacks have been described as the single most pernicious problem in computer security today. The explicit static typing of Java makes code easy to understand and the dynamic checks ensure unexpected conditions result in predictable behavior -- which makes Java a joy to use.
Java Security at Language Level
Security in Java is enforced through a number of mechanisms. We can see Java Security implemented via basic language features:
Java is simplified and easy to use. If we compare Java with other languages like C++ it is much simpler. Java is strictly object-oriented. In Java we know the wrapper classes defined even for the simple data types, and there can be no structures outside classes. Thus all security-related advantages of the object-oriented paradigm can be used. Java has Final classes and methods. In Java Language Security this feature disallows sub-classing when applied to class definitions and disallows overriding when applied to method definitions, and prevents the undesired modification of certain functionality. We know that Java is a strongly typed language. Polymorphism is a very powerful object-oriented feature, but it holds potential risks of masking hostile objects. Both the compiler and the runtime checking disallow such possibilities, because no assignment can be made if object types are incompatible. One of the features we know in Java language is automated memory management with no direct use of pointers and address arithmetic. Availability of this feature disallows incorrect memory access and minimizes the probability of memory leaks, unauthorized data access and runtime crashes.
Please visit Simplilearn's Java Development Certification Training
About the On-Demand Webinar
About the Webinar