A Java Filter

Report ID: TR-567-97

---

Author: Balfanz, Dirk / Felten, Edward W.

---

Date: 1997-12-00

---

Pages: 7

---

Download Formats: |Postscript|

---

Abstract:

Rogue Java applets are currently a major concern for big companies and private users alike. While the best protection against them is to turn off Java support in the WWW browser, this ``solution'' is unsatisfying: it deprives users of many of the advantages of the Java platform. Other mechanisms such as firewalls and code signing have been proposed to ``enhance'' security. In this paper we argue that these mechanisms cannot deliver the security they promise. As an alternative, we describe a simple yet effective way to prevent untrusted applets from entering the user's computer. At the same time, we allow trusted applets to execute in whatever sandbox the browser provides for them. Our technique works by modifying Java class loaders and can be extended to provide fine-grained access control for Java applets.