[447] in java-interest
Re: Java, viruses and trojans
daemon@ATHENA.MIT.EDU (Douglas Barnes)
Thu Jun 22 17:31:41 1995
Date: Thu, 22 Jun 1995 14:03:43 -0800
To: riddle@is.rice.edu, java-interest@java.sun.com
From: cman@communities.com (Douglas Barnes)
Hi Prentiss, LTNS!
It is certainly theoretically possible. Because Java
can control what local classes an imported class can
use, one can construct classes at a higher level than,
"open a socket and do whatever you want with it."
Imported code can then be allowed to access only certain
higher-level constructs.
This is made possible at the foundation level by the fact
that Java classes can't indiscriminately roam the address
space or engage in other behavior that would give them
access to arbitrary local resources or get into the
pocketsess of other classes.
At the same time, one must very carefully construct these
higher-level classes, and they must be installed locally
(or be obtained from a trusted, authenticated source). The
"terms and conditions" on which a class imported over
the net can access local resources must be configurable
in a way that is convenient, and comprehensible to even
very naive users. This is the tough part -- coming up with
a way of granting access by certain classes to certain
resources without constantly nagging the user "class such-
and-such wants resource so-and-so." Java gives the basis
for doing this _theoretically_; doing it in a way that is
practical, safe and convenient is a difficult craft. I don't
think the current implementation accomplishes this, but I
have high hopes for the future.
>Which raises a more general question: Is it even theoretically possible
>to come up with a security model which grants *useful* access to
>resources by untrusted programs, without also granting potentially
>*dangerous* access? It seems to me that any resource which can be
>useful must also be potentially dangerous if misused.
>
>Do the people working on Java, TeleScript, etc. have an answer to this
>problem?
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
