Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / November 2005

Tip: Looking for answers? Try searching our database.

Java Mustang - new type verifer

Thread view: 
Enable EMail AlertsStart New Thread
Yamin - 29 Nov 2005 23:53 GMT
Hey all,

This is just out of curiosity having read up a bit on the upcoming new
type verifier for Java Mustang.

Basically some of the verification will be done at compile time and the
information saved in the class file.  Thus, when the program is run,
some of the verification is already done and the application can now
run faster.

I'm not looking for any great detail, but in general, does anyone know
what prevents someone from 'adjusting' the verification information
saved in the class file to bypass some of java security features?

Don't worry, I trust the JVM guys to have taken care of this :)  I'm
just wondering how it works.

Yamin Bismilla
Reply to this Message
Thomas Hawtin - 30 Nov 2005 00:22 GMT
> This is just out of curiosity having read up a bit on the upcoming new
> type verifier for Java Mustang.

It's an improved version of what already happens on Java ME/J2ME.

> Basically some of the verification will be done at compile time and the
> information saved in the class file.  Thus, when the program is run,
[quoted text clipped - 4 lines]
> what prevents someone from 'adjusting' the verification information
> saved in the class file to bypass some of java security features?

It does check that the stack map/table agrees with the code. This is
much faster than inferring what it should be, apparently. For instance,
I don't believe it has to track backward jumps or deal figure out
situations involving multiple routes to an instruction.

> Don't worry, I trust the JVM guys to have taken care of this :)  I'm
> just wondering how it works.

You can check it yourself. There is an exceptionally modest reward if
you find a hole.

If I wanted to know how thoroughly something has been checked for holes,
I'd put some in deliberately and see if they get spotted. So there might
well be some fame there for the taking. Or not.

Tom Hawtin
Signature

Unemployed English Java programmer
http://jroller.com/page/tackline/

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.