1996-04-26 - Capability Security in Java

Header Data

From: frantz@netcom.com (Bill Frantz)
To: Simon Spero <ses@tipper.oit.unc.edu>
Message Hash: 260a5c9fc8e5ab04e2b47767598dd72830b3f66e1cf807768d5aa1c3326569f4
Message ID: <199604260056.RAA00833@netcom9.netcom.com>
Reply To: N/A
UTC Datetime: 1996-04-26 00:56:34 UTC
Raw Date: Thu, 25 Apr 1996 17:56:34 -0700 (PDT)

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Thu, 25 Apr 1996 17:56:34 -0700 (PDT)
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Capability Security in Java
Message-ID: <199604260056.RAA00833@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  4:38 PM 4/25/96 -0700, Simon Spero wrote:
>One thing that could be retroactively added to the vm pretty easily would 
>be the ability to add capability requirements to methods, and have the 
>class loader automatically generate code to check for those requirements 
>before executing the body of the method

Now there is a statement that makes me sit up and take notice.  I certainly
havn't thought this subject thru carefully, but to start, I think I would
like capabilities to be held by a specific object, so if I give a Java
object permission to read a file, that permission is not automatically
inherited by other objects, or instances of the same object which use the
common method.

There would also have to be a technique where capabilities could be passed
from object to object to allow subcontracting.

Having the capabilities held by objects means that access the objects needs
to be controled as well.  I notice some items on Hal's list of Java
security problems which indicate weaknesses in this area, but it is not
clear if they are bugs (which will be fixed) or "features".

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







Thread