Java's security architecture
An overview of the JVM's security model and a look at its built-in safety features
By Bill Venners, JavaWorld.com, 08/01/97
Page 5 of 5
Structured error handling contributes to Java's security model by helping to improve the robustness of Java programs. The
Java compiler forces programmers to deal with exceptions that methods declare they may throw. This encourages programmers
to write code that actually handles exception conditions that may reasonably be expected to arise as their programs run. If
a program encounters a catastrophic error condition, the structure error handling mechanism enables the program to avoid an
uncontrolled crash and make a more graceful exit.
Conclusion
The sandbox security model is an intrinsic part of Java's architecture. The sandbox, a shell that surrounds a running Java
program, protects the host system from malicious code. This security model helps give users confidence in downloading untrusted
code across network.
The sandbox is designed into the Java virtual machine and Java API. It touches all corners of the architecture, but can be
divided into four main components:
About the author
Bill Venners has been writing software
professionally for 12 years. Based in Silicon Valley, he provides
software consulting and training services under the name Artima Software Company. Over the
years he has developed software for the consumer electronics,
education, semiconductor, and life insurance industries. He has
programmed in many languages on many platforms: assembly language
on various microprocessors, C on Unix, C++ on Windows, Java on the
Web. He is author of the book: Inside the
Java Virtual Machine, published by McGraw-Hill.
- Safety features (covered in this article)
- Class loaders (this will be covered next month)
- Class verification (this will covered in the October issue)
- The security manager (this will be covered in the November issue)