Friday, June 20, 2008

Java Security Model

Written by Aaron Schwartz

The Java security model has been criticized by some as being too difficult to use. Others argue that it's fine. Argue that the Java security model is just as complex as it needs to be to solve the problems it addresses.

Introduced in 1995, Java remains one of the most popular developer tools today. It opens up numerous uses, from web design to the development of many kinds of applications, and it is easy to use.

It evolved from a simple client-side browser plug-in into a complex and widespread instrument for building web servers and solving various problems of the modern IT world.

Because of its development and the rapid growth of the tasks it addresses, the demand for Java's functionality also created a demand for its security capabilities. The security of modern Java is more complicated than it has ever been before. Basically, it consists of three parts: the Java language, the Java libraries and the web browser.

The Java language is based on a safe type system that does not use pointers as a language data type. This prevents accidental misuse and incorrect handling of pointers, limits access to physical memory, and guarantees the compatibility of data types. The Java libraries allow more security if they are used correctly, and the web browser controls the proper execution of Java code.

The Java security model is implemented in the following way: before execution, bytecode downloaded from the network is subject to immediate verification. Verification is faster than compilation, and the bytecode verifier is not as complex a program as a full compiler. Once the bytecode has been verified as correct, it is executed by the Java interpreter, which makes it more secure by denying direct access to memory: a Java application cannot read from or write to memory directly. If a Java application had direct access to the computer's memory, it could gain access to the operating system, breaking the security model.

Because of its popularity and the opportunities it offers, the spread and use of Java on the internet is obvious. It is the most portable language, with a big variety of networking features to use. These are the main reasons why its security is very complex.

But it is a well-known fact that complicated technologies are more likely to fail and to cause numerous problems that are less likely to occur with simple technologies. So problems in the security system can lead to unexpected and unsanctioned access to data.

Another problem is the difficulty that beginners have to overcome. Access control in the security model is implemented through a text file that lists the permissions to be granted for accessing data. Updating permissions is very complex because it has to be done manually, by editing the text file containing the permission information. It cannot be considered a routine task even for professionals.

In addition, the Java security model does not allow much dynamic allocation and revocation of permissions. When an application or applet runs, it first requests a permission, and the Runtime Environment checks whether that permission is contained in the policy text file. If the policy text file contains no permission for executing the application, access is denied. At present Java has no feature that allows the permission policy to be changed dynamically. To be more specific, if an application has no permission to access some data, the user running it has to exit the application, change the policy text file and only then run the application again.
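
The check described above, as an added example that is not part of the original essay. It models the decision with the standard java.security.Permissions collection rather than a live security manager; the class name, the policy entry in the comment, and the Unix-style paths are constructed for illustration.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

public class PolicyCheckDemo {

    // Models what a policy file entry like the following would grant
    // (constructed sample; the codeBase and paths are assumptions):
    //
    //   grant codeBase "file:/opt/app/-" {
    //       permission java.io.FilePermission "/home/user/data/-", "read";
    //       permission java.util.PropertyPermission "user.*", "read";
    //   };
    static Permissions loadGrants() {
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/home/user/data/-", "read"));
        granted.add(new PropertyPermission("user.*", "read"));
        // Freeze the set: like the policy file, it does not change while
        // the application runs. A later add() throws SecurityException.
        granted.setReadOnly();
        return granted;
    }

    // A request is allowed only if some granted permission implies it;
    // anything not listed is denied by default.
    static boolean isAllowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permissions granted = loadGrants();
        Permission[] requests = {
            new FilePermission("/home/user/data/2008/report.txt", "read"),  // under the granted tree
            new FilePermission("/home/user/data/2008/report.txt", "write"), // action not granted
            new FilePermission("/home/user/other/notes.txt", "read"),       // path not granted
            new PropertyPermission("user.home", "read"),                    // matches user.*
            new PropertyPermission("java.home", "read"),                    // no matching grant
        };
        for (Permission p : requests) {
            System.out.printf("%-5s %s %s%n",
                    isAllowed(granted, p) ? "ALLOW" : "DENY", p.getName(), p.getActions());
        }
    }
}
```

Turning the denied write into an allowed one means editing the grant and loading it again, which is the restart cycle the paragraph above describes.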

This criticism is generally understood, but information technology and networking develop too fast for software programmers to satisfy the requirements of speed and flexibility together with the requirements of high data security. In this case the restrictions Java puts on accessing data, as well as the restrictions on entrusted Java applications, prohibit a lot of information exchange activities. The security model as a whole reduces to a minimum the probability of unexpected data access and risk, which is the main problem of modern computer-based data exchange. The measures taken to protect data from attacks may seem too difficult and uncomfortable for users, but they still remain the most reliable means of data defense. It would be absurd to think that any security model, Java's included, can ever be totally safe; security holes will always exist, but the development of Java will reduce these risks and open more opportunities for Java applications.

Aaron is a professional freelance writer at a custom essay writing service: custom-essay.net. He is now a technical writer, advertising copywriter, and website copywriter for Custom Essay Writing Service.
