If the components are in Java, the Java Language Specification (JLS)
defines clear initialization rules which prevent "old data" from being
exposed to components written in Java. Most values are zero-initialized;
you can see the spec on-line on java.sun.com (no URL handy, sorry).
The actual C2 requirement is (memory, don't fail me now ;-) on the "trusted
computing base", not an OS. There are a lot of folk working to identify
whether the Java Virtual Machine (JVM), including the "verifier" which does
load-time checks of several types, is sufficiently trusted. (Modulo those
requirements for a trusted auditing mechanism, user authentication, etc.)
In fact, sufficiently much work is going on there that I'll hope someone
else responds more fully (a natural candidate is out of town just now :-)
and for now will just say that you should look at the JLS and JVM specs
(on-line, also purchasable in hardcopy from Addison-Wesley) and also the
security section of the "http://java.sun.com" web site.
- Dave
p.s. Re integrating non-Java components ... so long as they're implemented
in Java bytecodes as interpreted by the JVM, the reuse should be
prevented automatically.
Richard Bland wrote:
>
> Background
>
> We are developing a prototype for an Air Force system which will
> eventually need to be C2 compliant. One of the four criteria is for
> object reuse. What this really means is that memory, as managed by the
> OS, needs to be overwritten prior to being returned and reallocated to
> another user. In this way it is guaranteed that classified information
> that used to be in that location will not be inadvertantly given to
> another user.
>
> I would like to know if there is an easy way to implement this
> characteristic with reusable components. I am just learning Java so I
> am a little unsure of what resources are available. Could you give me
> some guidance?????
>
> Rich Bland