The Java SandBox
The sandbox allows code to be downloaded from any source, but applies restrictions to it upon execution. Put another way, the sandbox isolates particular code during execution so that the restrictions can be applied. A Java sandbox is an area in memory outside which the Java program cannot make calls. This prevents Java programs from calling low-level system functions that may cause data corruption or other damage. Java uses the sandbox to discourage unsafe applets from accessing resources, and it applies several restrictions to applets.
The Java sandbox has three components:
- The Bytecode verifier
- The applet class loader
- The security Manager
The Bytecode Verifier
The first level of Java security is the Java bytecode verifier. The bytecode is verified before it is allowed to run on the user's machine. It is checked to authenticate its creation by the Java compiler, and its access is restricted accordingly. The bytecode verifier makes sure that the format of the bytecode fragment is correct. A built-in theorem is applied to each fragment to make sure that the bytecode does not violate access restrictions or try to access objects using incorrect information. The bytecode is checked in two phases. The first phase takes place when the bytecode is loaded: the verifier checks the structure of the .class file. Phase two occurs when the bytecode is executed: the verifier checks the validity of the classes, variables and methods used in the program. This is done because Java programs are dynamically linked.
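The phase-one structure check can be pictured with a small reader for the .class header and constant pool. This is an added example, not code from the original page or from the JVM, and it covers only a fraction of what the real verifier checks; the class name ClassFileStructureCheck and the method check are made up for the illustration, and the two damaged inputs are constructed from the program's own class file. Compile it with javac (Java 9 or later) before running so that its class file exists on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

public class ClassFileStructureCheck {
    // Returns null if header and constant pool are well formed, else the first problem found.
    static String check(byte[] image) {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(image))) {
            if (in.readInt() != 0xCAFEBABE) return "bad magic number";
            int minor = in.readUnsignedShort(), major = in.readUnsignedShort();
            if (major < 45) return "unsupported version " + major + "." + minor;
            int count = in.readUnsignedShort();          // constant_pool_count
            for (int i = 1; i < count; i++) {
                int tag = in.readUnsignedByte(), size;
                switch (tag) {
                    case 1: size = in.readUnsignedShort(); break;   // Utf8: length-prefixed
                    case 7: case 8: case 16: case 19: case 20: size = 2; break;
                    case 15: size = 3; break;                       // MethodHandle
                    case 3: case 4: case 9: case 10: case 11: case 12:
                    case 17: case 18: size = 4; break;
                    case 5: case 6: size = 8; i++; break;           // Long/Double use two slots
                    default: return "unknown constant pool tag " + tag + " at index " + i;
                }
                in.readFully(new byte[size]);            // EOFException if the entry is cut short
            }
            in.readUnsignedShort();                      // access_flags
            int thisClass = in.readUnsignedShort();
            if (thisClass == 0 || thisClass >= count) return "this_class index out of range";
            return null;
        } catch (IOException e) {
            return "truncated class file";
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] good;   // this class's own compiled bytes, read from the classpath
        try (InputStream s = ClassFileStructureCheck.class
                .getResourceAsStream("ClassFileStructureCheck.class")) {
            good = s.readAllBytes();
        }
        byte[] badMagic = good.clone();
        badMagic[0] = 0;                                 // constructed: damaged magic number
        byte[] truncated = Arrays.copyOf(good, 40);      // constructed: cut off inside the constant pool
        System.out.println("own class file: " + check(good));
        System.out.println("damaged magic:  " + check(badMagic));
        System.out.println("truncated:      " + check(truncated));
    }
}
```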
The Applet class loader
The second level of security defense is the Java applet class loader. All Java objects belong to classes, and the applet class loader determines how and when an applet is allowed to add classes to a running Java environment. It also makes sure that important parts of the Java Runtime Environment (JRE) are not replaced by any applet code. In a Java environment there can be many active class loaders at the same time, and each class loader can create its own runtime environment. The applet class loader loads all the applets and their references.
The Security Manager
The third level, and a very important part of the Java sandbox, is the security manager. The security manager defines the boundaries of the sandbox. The Java API refers to the security manager before it allows any access to a resource. It restricts the way in which the applet uses visible interfaces. While loading classes, the class loader always complies with the security manager's decision. Built-in classes are given preference over classes loaded over the net. The sandbox can be used to run untrusted code on the user's machine.
NOTE: A Java protected domain is an extension of the Java sandbox in a file system. Java protected domains enable the use of permissions, or use a default setting, for providing access to function calls outside the sandbox.
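The preference for built-in classes, and the protection of core JRE classes described for the class loader, can be observed with a custom loader. This is an added example, not code from the original page; UntrustedLoader, defineFromNetwork and the class names passed to it are hypothetical, and the one-byte class image is a constructed placeholder. A request for java.lang.String is answered by the bootstrap loader through parent delegation, and an attempt to define a class inside the java.* namespace is refused with a SecurityException.

```java
public class BuiltInClassesWin {

    // Stand-in for a loader that receives class bytes from the network.
    static class UntrustedLoader extends ClassLoader {
        UntrustedLoader() {
            super(BuiltInClassesWin.class.getClassLoader());
        }

        // Hypothetical entry point: define a class under a name chosen by the sender.
        Class<?> defineFromNetwork(String name, byte[] bytes) {
            return defineClass(name, bytes, 0, bytes.length);
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            // Reached only when no parent loader can supply the class.
            System.out.println("findClass consulted for " + name);
            throw new ClassNotFoundException(name);
        }
    }

    // Reports how the runtime responds to a definition attempt under the given name.
    static String tryDefine(UntrustedLoader loader, String name) {
        try {
            loader.defineFromNetwork(name, new byte[] {0});   // constructed placeholder bytes
            return "defined";
        } catch (SecurityException e) {
            return "SecurityException: " + e.getMessage();
        } catch (LinkageError e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        UntrustedLoader loader = new UntrustedLoader();

        // Parent-first delegation: the built-in class is returned, findClass is never asked.
        Class<?> s = loader.loadClass("java.lang.String");
        System.out.println("same class as built-in String: " + (s == String.class));
        System.out.println("defining loader (null means bootstrap): " + s.getClassLoader());

        // Core namespace is off limits to this loader; other names fail only on the bad bytes.
        System.out.println("java.lang.Spoofed  -> " + tryDefine(loader, "java.lang.Spoofed"));
        System.out.println("com.example.Applet -> " + tryDefine(loader, "com.example.Applet"));
    }
}
```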
Suggested Reading:-
Java Architecture
Java Architecture trade offs
Java Architecture Features
Java class loader architecture
Memory management in Java