In this report I will look at the potential types of threats surrounding Java. Each type of threat has its own objective and its own ways of meeting that objective. Java's developers also recognised these threats, so they developed a security model, which helps ensure that certain Java code is checked before it is run. The security model is implemented in Java-enabled browsers in a Java Virtual Machine, known as the VM. The model has three key parts: the verifier, the class loader and the security manager. Each part will be explained in detail. As with most computer-related languages, despite the greatest security measures, there are still holes that can be exposed.
What is Java?
There are two types of Java program: an application or an applet. An application has no restrictions; therefore it is able to use the full power of Java. It is possible for a Java application to read, write and modify files and to manipulate memory. Applets are restricted as a means of security and are found in web pages, embedded in the HTML (HyperText Markup Language). As they are embedded in HTML, to run an applet it is essential that you have a Java-compatible browser. Applets can run automatically when a web page that contains one is opened or accessed.
As Java applets are far more powerful than HTML, they pose a potential threat to the people using them. Code from the web is known as untrusted code because somebody else has created it, and this somebody could be anybody. Unfortunately, there are clever people in this world who wish to use their skills in a harmful way. Therefore the code you get from the Internet could be designed to cause you problems. There are four basic classes of potential attacks that applets can cause; often an applet can fall into more than one category.
They are as follows:
1. System modification: These are deemed the most severe. Applets of this type are known as attack applets because they attack your system, and the consequences are severe.