Java Security White Paper

Viswanathan Kapaleeswaran (viswana@fit.qut.edu.au)
Thu, 21 May 1998 09:53:33 +0000

Date: Thu, 21 May 1998 09:53:33 +0000
From: Viswanathan Kapaleeswaran <viswana@fit.qut.edu.au>
To: java-security@web2.javasoft.com
Subject: Java Security White Paper

Hi
My name is Viswanathan Kapaleeswaran (Kapali for short). I am interested
in the trust level of the JVM and the way it checks the bytecodes. Does
the bytecode checker make any asssumptions, and is it possible to
by-pass the security by coding directly in bytecodes. This I am
interested from the E-Commerce point of view. Could you kindly enlighten
me in this regard (and more if possible)?

The basic questions are;
- How trusted is JVM in the Java security architecture and how reliable
is it for this trust placed on it?

- What are the assumptions that the bytecode verifier makes while
checking?

- What are the areas and *things* that it checks for?

It would be of great help if you could respond to me as early as is
possible.

Thanks in advance,

-Kapali