Extensible Security Architectures for Java

Dan S. Wallach, Dirk Balfanz, Drew Dean, Edward W. Felten

Research output: Contribution to journalArticlepeer-review

100 Scopus citations


Mobile code technologies such as Java, JavaScript, and ActiveX generally limit all programs to a single restrictive security policy. However, software-based protection can allow for more extensible security models, with potentially significant performance improvements over traditional hardware-based solutions. An extensible security system should be able to protect subsystems and implement policies that are created after the initial system is shipped. We describe and analyze three implementation strategies for interposing such security policies in software-based security systems. Implementations exist for all three strategies: several vendors have adapted capabilities to Java, Netscape and Microsoft have extensions to Java's stack introspection, and we built a name space management system as an add-on to Microsoft Internet Explorer. Theoretically, all these systems are equivalently secure, but many practical issues and implementation details favor some aspects of each system.

Original languageEnglish (US)
Pages (from-to)116-128
Number of pages13
JournalOperating Systems Review (ACM)
Issue number5
StatePublished - Dec 1997

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Extensible Security Architectures for Java'. Together they form a unique fingerprint.

Cite this