Java security: from HotJava to Netscape and beyond
The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and f...
Gespeichert in:
Hauptverfasser: | , , |
---|---|
Format: | Tagungsbericht |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | 200 |
---|---|
container_issue | |
container_start_page | 190 |
container_title | |
container_volume | |
creator | Dean, D. Felten, E.W. Wallach, D.S. |
description | The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated. |
doi_str_mv | 10.1109/SECPRI.1996.502681 |
format | Conference Proceeding |
fullrecord | <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_502681</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>502681</ieee_id><sourcerecordid>502681</sourcerecordid><originalsourceid>FETCH-LOGICAL-i148t-9fb6bac95a6b832811cc9463f6d7bba90072211979ffddc0161a5e15a031cc1d3</originalsourceid><addsrcrecordid>eNotj9tKw0AURQcvYFr9gT7NDySeM5PMxTcJta2UVrw8lzM3iNimJFHI31usT5u92CzYjM0QCkSw92_z-uV1VaC1qqhAKIMXLBNSVzkK0JdsAgaN0iVqccUyPLVcAeINm_T9J4AAacuMiWf6Id5H_901w_jAU9fu-bId_vDQ8k0cek_HyOkQuItjewi37DrRVx_v_nPKPp7m7_UyX28Xq_pxnTdYmiG3ySlH3laknJHCIHpvSyWTCto5sgBaCESrbUoheECFVEWsCORpiUFO2ezsbWKMu2PX7Kkbd-er8hdSOkUe</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Java security: from HotJava to Netscape and beyond</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Dean, D. ; Felten, E.W. ; Wallach, D.S.</creator><creatorcontrib>Dean, D. ; Felten, E.W. ; Wallach, D.S.</creatorcontrib><description>The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.</description><identifier>ISSN: 1081-6011</identifier><identifier>ISBN: 0818674172</identifier><identifier>ISBN: 9780818674174</identifier><identifier>EISSN: 2375-1207</identifier><identifier>DOI: 10.1109/SECPRI.1996.502681</identifier><language>eng</language><publisher>IEEE</publisher><subject>Computer science ; HTML ; Information security ; Java ; Memory management ; Navigation ; Storms ; Sun ; Web server ; Web sites</subject><ispartof>Proceedings 1996 IEEE Symposium on Security and Privacy, 1996, p.190-200</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/502681$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,4050,4051,27925,54920</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/502681$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Dean, D.</creatorcontrib><creatorcontrib>Felten, E.W.</creatorcontrib><creatorcontrib>Wallach, D.S.</creatorcontrib><title>Java security: from HotJava to Netscape and beyond</title><title>Proceedings 1996 IEEE Symposium on Security and Privacy</title><addtitle>SECPRI</addtitle><description>The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.</description><subject>Computer science</subject><subject>HTML</subject><subject>Information security</subject><subject>Java</subject><subject>Memory management</subject><subject>Navigation</subject><subject>Storms</subject><subject>Sun</subject><subject>Web server</subject><subject>Web sites</subject><issn>1081-6011</issn><issn>2375-1207</issn><isbn>0818674172</isbn><isbn>9780818674174</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>1996</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotj9tKw0AURQcvYFr9gT7NDySeM5PMxTcJta2UVrw8lzM3iNimJFHI31usT5u92CzYjM0QCkSw92_z-uV1VaC1qqhAKIMXLBNSVzkK0JdsAgaN0iVqccUyPLVcAeINm_T9J4AAacuMiWf6Id5H_901w_jAU9fu-bId_vDQ8k0cek_HyOkQuItjewi37DrRVx_v_nPKPp7m7_UyX28Xq_pxnTdYmiG3ySlH3laknJHCIHpvSyWTCto5sgBaCESrbUoheECFVEWsCORpiUFO2ezsbWKMu2PX7Kkbd-er8hdSOkUe</recordid><startdate>1996</startdate><enddate>1996</enddate><creator>Dean, D.</creator><creator>Felten, E.W.</creator><creator>Wallach, D.S.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>1996</creationdate><title>Java security: from HotJava to Netscape and beyond</title><author>Dean, D. ; Felten, E.W. ; Wallach, D.S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i148t-9fb6bac95a6b832811cc9463f6d7bba90072211979ffddc0161a5e15a031cc1d3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>1996</creationdate><topic>Computer science</topic><topic>HTML</topic><topic>Information security</topic><topic>Java</topic><topic>Memory management</topic><topic>Navigation</topic><topic>Storms</topic><topic>Sun</topic><topic>Web server</topic><topic>Web sites</topic><toplevel>online_resources</toplevel><creatorcontrib>Dean, D.</creatorcontrib><creatorcontrib>Felten, E.W.</creatorcontrib><creatorcontrib>Wallach, D.S.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Dean, D.</au><au>Felten, E.W.</au><au>Wallach, D.S.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Java security: from HotJava to Netscape and beyond</atitle><btitle>Proceedings 1996 IEEE Symposium on Security and Privacy</btitle><stitle>SECPRI</stitle><date>1996</date><risdate>1996</risdate><spage>190</spage><epage>200</epage><pages>190-200</pages><issn>1081-6011</issn><eissn>2375-1207</eissn><isbn>0818674172</isbn><isbn>9780818674174</isbn><abstract>The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.</abstract><pub>IEEE</pub><doi>10.1109/SECPRI.1996.502681</doi><tpages>11</tpages><oa>free_for_read</oa></addata></record> |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1081-6011 |
ispartof | Proceedings 1996 IEEE Symposium on Security and Privacy, 1996, p.190-200 |
issn | 1081-6011 2375-1207 |
language | eng |
recordid | cdi_ieee_primary_502681 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Computer science HTML Information security Java Memory management Navigation Storms Sun Web server Web sites |
title | Java security: from HotJava to Netscape and beyond |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T16%3A53%3A33IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Java%20security:%20from%20HotJava%20to%20Netscape%20and%20beyond&rft.btitle=Proceedings%201996%20IEEE%20Symposium%20on%20Security%20and%20Privacy&rft.au=Dean,%20D.&rft.date=1996&rft.spage=190&rft.epage=200&rft.pages=190-200&rft.issn=1081-6011&rft.eissn=2375-1207&rft.isbn=0818674172&rft.isbn_list=9780818674174&rft_id=info:doi/10.1109/SECPRI.1996.502681&rft_dat=%3Cieee_6IE%3E502681%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=502681&rfr_iscdi=true |