Java's security architecture

An overview of the JVM's security model and a look at its built-in safety features

This month's "Under The Hood" column is the first of a four-part series about Java's security model. The four articles will focus on the security infrastructure built into the Java virtual machine (JVM) and the java.lang library. This first article gives an overview of the security model and describes the JVM's safety features.

Why security?

Java's security model is one of the language's key architectural features that make it an appropriate technology for networked environments. Security is important because networks provide a potential avenue of attack to any computer connected to them. This concern becomes especially strong in an environment in which software is downloaded across the network and executed locally, as is done with Java applets, for example. Because the class files for an applet are automatically downloaded when a user goes to the containing Web page in a browser, it is likely that a user will encounter applets from untrusted sources. Without any security, this would be a convenient way to spread viruses. Thus, Java's security mechanisms help make Java suitable for networks because they establish a needed trust in the safety of network-mobile code.

Java's security model is focused on protecting users from hostile programs downloaded from untrusted sources across a network. To accomplish this goal, Java provides a customizable "sandbox" in which Java programs run. A Java program must play only inside its sandbox. It can do anything within the boundaries of its sandbox, but it can't take any action outside those boundaries. The sandbox for untrusted Java applets, for example, prohibits many activities, including:

  • Reading or writing to the local disk
  • Making a network connection to any host, except the host from which the applet came
  • Creating a new process
  • Loading a new dynamic library and directly calling a native method

By making it impossible for downloaded code to perform certain actions, Java's security model protects the user from the threat of hostile code.
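The four restrictions listed above map onto check methods of `java.lang.SecurityManager` (deprecated for removal since Java 17). The sketch below is an added example, not code from the article: the class name `AppletStyleSandbox`, the helper `allowed`, the origin host `applets.example.com` and the sample paths are assumptions. The manager is not installed with `System.setSecurityManager`, so `main` calls its checks directly.

```java
// Hypothetical applet-style policy; names and sample values are constructed for illustration.
@SuppressWarnings("removal")
public class AppletStyleSandbox extends SecurityManager {
    private final String originHost; // host the untrusted code was downloaded from

    public AppletStyleSandbox(String originHost) {
        this.originHost = originHost;
    }

    // Reading or writing to the local disk
    @Override public void checkRead(String file)   { deny("read " + file); }
    @Override public void checkWrite(String file)  { deny("write " + file); }
    @Override public void checkDelete(String file) { deny("delete " + file); }

    // Network connections to any host except the origin.
    // Comparison is by host name only, a simplification made for this sketch.
    @Override public void checkConnect(String host, int port) {
        if (!originHost.equalsIgnoreCase(host)) {
            deny("connect " + host + ":" + port);
        }
    }

    // Creating a new process
    @Override public void checkExec(String cmd) { deny("exec " + cmd); }

    // Loading a dynamic library (the step before calling a native method)
    @Override public void checkLink(String lib) { deny("load library " + lib); }

    private static void deny(String action) {
        throw new SecurityException("sandbox: " + action + " denied");
    }

    // Runs one check and reports whether the policy let it through.
    static boolean allowed(Runnable check) {
        try { check.run(); return true; }
        catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        AppletStyleSandbox sb = new AppletStyleSandbox("applets.example.com");
        System.out.println("read file:       " + allowed(() -> sb.checkRead("/tmp/notes.txt")));
        System.out.println("connect origin:  " + allowed(() -> sb.checkConnect("applets.example.com", 80)));
        System.out.println("connect other:   " + allowed(() -> sb.checkConnect("other.example.net", 80)));
        System.out.println("exec process:    " + allowed(() -> sb.checkExec("/bin/sh")));
        System.out.println("load native lib: " + allowed(() -> sb.checkLink("nativehelper")));
    }
}
```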
