Java security: from HotJava to Netscape and beyond

The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and f...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Dean, D., Felten, E.W., Wallach, D.S.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 200
container_issue
container_start_page 190
container_title
container_volume
creator Dean, D.
Felten, E.W.
Wallach, D.S.
description The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.
doi_str_mv 10.1109/SECPRI.1996.502681
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_502681</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>502681</ieee_id><sourcerecordid>502681</sourcerecordid><originalsourceid>FETCH-LOGICAL-i148t-9fb6bac95a6b832811cc9463f6d7bba90072211979ffddc0161a5e15a031cc1d3</originalsourceid><addsrcrecordid>eNotj9tKw0AURQcvYFr9gT7NDySeM5PMxTcJta2UVrw8lzM3iNimJFHI31usT5u92CzYjM0QCkSw92_z-uV1VaC1qqhAKIMXLBNSVzkK0JdsAgaN0iVqccUyPLVcAeINm_T9J4AAacuMiWf6Id5H_901w_jAU9fu-bId_vDQ8k0cek_HyOkQuItjewi37DrRVx_v_nPKPp7m7_UyX28Xq_pxnTdYmiG3ySlH3laknJHCIHpvSyWTCto5sgBaCESrbUoheECFVEWsCORpiUFO2ezsbWKMu2PX7Kkbd-er8hdSOkUe</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Java security: from HotJava to Netscape and beyond</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Dean, D. ; Felten, E.W. ; Wallach, D.S.</creator><creatorcontrib>Dean, D. ; Felten, E.W. ; Wallach, D.S.</creatorcontrib><description>The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.</description><identifier>ISSN: 1081-6011</identifier><identifier>ISBN: 0818674172</identifier><identifier>ISBN: 9780818674174</identifier><identifier>EISSN: 2375-1207</identifier><identifier>DOI: 10.1109/SECPRI.1996.502681</identifier><language>eng</language><publisher>IEEE</publisher><subject>Computer science ; HTML ; Information security ; Java ; Memory management ; Navigation ; Storms ; Sun ; Web server ; Web sites</subject><ispartof>Proceedings 1996 IEEE Symposium on Security and Privacy, 1996, p.190-200</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/502681$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,4050,4051,27925,54920</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/502681$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Dean, D.</creatorcontrib><creatorcontrib>Felten, E.W.</creatorcontrib><creatorcontrib>Wallach, D.S.</creatorcontrib><title>Java security: from HotJava to Netscape and beyond</title><title>Proceedings 1996 IEEE Symposium on Security and Privacy</title><addtitle>SECPRI</addtitle><description>The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.</description><subject>Computer science</subject><subject>HTML</subject><subject>Information security</subject><subject>Java</subject><subject>Memory management</subject><subject>Navigation</subject><subject>Storms</subject><subject>Sun</subject><subject>Web server</subject><subject>Web sites</subject><issn>1081-6011</issn><issn>2375-1207</issn><isbn>0818674172</isbn><isbn>9780818674174</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>1996</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotj9tKw0AURQcvYFr9gT7NDySeM5PMxTcJta2UVrw8lzM3iNimJFHI31usT5u92CzYjM0QCkSw92_z-uV1VaC1qqhAKIMXLBNSVzkK0JdsAgaN0iVqccUyPLVcAeINm_T9J4AAacuMiWf6Id5H_901w_jAU9fu-bId_vDQ8k0cek_HyOkQuItjewi37DrRVx_v_nPKPp7m7_UyX28Xq_pxnTdYmiG3ySlH3laknJHCIHpvSyWTCto5sgBaCESrbUoheECFVEWsCORpiUFO2ezsbWKMu2PX7Kkbd-er8hdSOkUe</recordid><startdate>1996</startdate><enddate>1996</enddate><creator>Dean, D.</creator><creator>Felten, E.W.</creator><creator>Wallach, D.S.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>1996</creationdate><title>Java security: from HotJava to Netscape and beyond</title><author>Dean, D. ; Felten, E.W. ; Wallach, D.S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i148t-9fb6bac95a6b832811cc9463f6d7bba90072211979ffddc0161a5e15a031cc1d3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>1996</creationdate><topic>Computer science</topic><topic>HTML</topic><topic>Information security</topic><topic>Java</topic><topic>Memory management</topic><topic>Navigation</topic><topic>Storms</topic><topic>Sun</topic><topic>Web server</topic><topic>Web sites</topic><toplevel>online_resources</toplevel><creatorcontrib>Dean, D.</creatorcontrib><creatorcontrib>Felten, E.W.</creatorcontrib><creatorcontrib>Wallach, D.S.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Dean, D.</au><au>Felten, E.W.</au><au>Wallach, D.S.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Java security: from HotJava to Netscape and beyond</atitle><btitle>Proceedings 1996 IEEE Symposium on Security and Privacy</btitle><stitle>SECPRI</stitle><date>1996</date><risdate>1996</risdate><spage>190</spage><epage>200</epage><pages>190-200</pages><issn>1081-6011</issn><eissn>2375-1207</eissn><isbn>0818674172</isbn><isbn>9780818674174</isbn><abstract>The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.</abstract><pub>IEEE</pub><doi>10.1109/SECPRI.1996.502681</doi><tpages>11</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1081-6011
ispartof Proceedings 1996 IEEE Symposium on Security and Privacy, 1996, p.190-200
issn 1081-6011
2375-1207
language eng
recordid cdi_ieee_primary_502681
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Computer science
HTML
Information security
Java
Memory management
Navigation
Storms
Sun
Web server
Web sites
title Java security: from HotJava to Netscape and beyond
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T16%3A53%3A33IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Java%20security:%20from%20HotJava%20to%20Netscape%20and%20beyond&rft.btitle=Proceedings%201996%20IEEE%20Symposium%20on%20Security%20and%20Privacy&rft.au=Dean,%20D.&rft.date=1996&rft.spage=190&rft.epage=200&rft.pages=190-200&rft.issn=1081-6011&rft.eissn=2375-1207&rft.isbn=0818674172&rft.isbn_list=9780818674174&rft_id=info:doi/10.1109/SECPRI.1996.502681&rft_dat=%3Cieee_6IE%3E502681%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=502681&rfr_iscdi=true