Scribe Notes
CS 235A
15 October 2007

Java Security - Extensible Security Architecture for Java

+ Protection for Java
  - Memory Protection
  - Secure Service
    An example of a secure service is the GUI service. Unauthorized GUI event modification might include:
    - Read password
    - Inject commands

+ Basic Sandbox Model
  - Code is tagged trusted or untrusted
  - Critical operations invoke the Security Manager

Three approaches introduced by this paper:

+ Capability
  - A capability is an unforgeable reference to a resource. For example:
    - Pointer to a Java object
    - File descriptor
  - Implementation example:

      class FileInputStream {
          // The constructor is not public (default, package-private access),
          // so it cannot be called by any code outside the package, while
          // remaining accessible to classes of the same package.
          FileInputStream(String name) {}
      }

      class SubFS {
          private FileInputStream s;

          public SubFS(String name) {
              // Callers only ever get a stream rooted under /tmp/.
              s = new FileInputStream("/tmp/" + name);
              ...
          }
      }

  - Con & Pro
    - Requires modifying code
    - Little runtime overhead

+ Stack introspection
  - Implementation:

      for each frame f on the call stack {
          if (f is untrusted) deny
          else if (privilege is set for f) allow
      }
      deny

  - Con & Pro
    - No modification of mobile code
    - Has runtime overhead

+ Name space management
  - Con & Pro
    - No modification of mobile code
    - No runtime overhead
    - Does not allow privileges to be granted at runtime
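The stack introspection walk from these notes, simulated over three call stacks. This is an added example, not code from the notes or the paper. The `Frame` record, its fields and the frame names are hypothetical, and frames are walked newest to oldest, the order stack inspection uses.

```java
import java.util.List;

public class StackIntrospectionDemo {
    // One call-stack frame: who owns the code, whether that code is trusted,
    // and whether the frame has enabled the privilege being checked.
    record Frame(String owner, boolean trusted, boolean privilegeEnabled) {}

    // Walks the stack from the newest frame to the oldest.
    static boolean checkPrivilege(List<Frame> newestFirst) {
        for (Frame f : newestFirst) {
            if (!f.trusted()) {
                return false;   // untrusted code reached first: deny
            }
            if (f.privilegeEnabled()) {
                return true;    // a trusted frame vouched for the call: allow
            }
        }
        return false;           // fell off the stack with no grant: deny
    }

    public static void main(String[] args) {
        // Constructed stacks, newest frame first.
        // 1. An untrusted applet calls a trusted library, which enables the
        //    privilege before touching the file system: allowed.
        List<Frame> appletViaLibrary = List.of(
            new Frame("FileSystem", true, false),
            new Frame("FontLoader", true, true),
            new Frame("Applet", false, false));
        // 2. Trusted code enables the privilege, then calls into untrusted
        //    code, which tries the file system itself: denied.
        List<Frame> callbackIntoApplet = List.of(
            new Frame("FileSystem", true, false),
            new Frame("Applet", false, false),
            new Frame("Browser", true, true));
        // 3. Only trusted frames, but none enabled the privilege: denied.
        List<Frame> noGrant = List.of(
            new Frame("FileSystem", true, false),
            new Frame("Browser", true, false));

        System.out.println("applet via library:   " + checkPrivilege(appletViaLibrary));
        System.out.println("callback into applet: " + checkPrivilege(callbackIntoApplet));
        System.out.println("no grant:             " + checkPrivilege(noGrant));
    }
}
```

The second stack is the case the walk exists for: a privilege enabled by a trusted caller does not carry over to untrusted code it calls, because the untrusted frame is reached before the grant.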