[559] in java-interest
Re: Security
daemon@ATHENA.MIT.EDU (Chuck McManis)
Fri Jun 30 15:27:45 1995
Date: Fri, 30 Jun 1995 10:10:26 -0700
From: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
To: java-interest@java.Eng.Sun.COM, ryanz@daffy.netrex.com
>Not being an expert on security, I have the following question:
>Is it possible to re-write the compiler and browser/interpreter so
>that it doesn't do the failsafes, thus allowing me to access another
>applet's private data? Couldn't I then link in some byte code that
>accesses material on the server-side and download that material for
>myself?
If you choose to modify the environment, you have complete control of
anything that enters it.
There are two fundamental points of view on security in a system like
this:
#1) As the user of a trusted application, is the component I've
imported going to invalidate my trust in the environment?
#2) As a producer of "valuable" content, can I protect myself
once I've been imported into an untrusted environment?
The focus on security for Java/HotJava is #1, primarily because it represents
the greatest risk, and secondarily because "solving" it (i.e. addressing those
concerns) enables a lot of things like executable content etc.
#2 is the case where your program runs in an environment that you, as the
program developer, don't trust. This is sometimes called the "protected agent"
problem, as one of the key motivators for it is to protect users' agents from
being corrupted as they transit untrusted execution environments.
Solving #2 is currently a research problem that many, many people are looking
at (lots of good paper material in there).
The short answer to your question is that, as the "owner" of the execution
environment, given sufficient resources you can bend, fold, mutilate and
extract all useful information out of *any* piece of code that enters that
environment. Further, with self-documenting programs or easy-to-use programs
the disincentive to copy is reduced. All in all, you've reduced the problem
to the same exact one faced by the manufacturers of PC computer games, and
in spite of everything they have tried, it is still impossible to copy-protect
a game that cannot be cracked by some of the more sophisticated groups out
there.
>If not, what keeps me from doing that? Is there any protection against someone
>doing this (besides making sure that httpd can't get to anything important)?
The solution used by the game manufacturers has been to get enough revenue
from the people who do pay, to cover the cost of those who don't pay. Some
folks have also been looking at smart cards to help out here but these are
a ways off.
--Chuck
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com