Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
Abstract - Security Symposium - 2000

A Secure JavaTM Virtual Machine

Leendert van Doorn, IBM T.J. Watson Research Center


The JavaTM Virtual Machine is viewed by many as inherently insecure despite all the efforts to improve its security. In this paper we take a different approach to Java security and describe the design and implementation of a system that provides operating system style protection for Java code. We use hardware protection domains to separate Java classes, provide access control on cross domain method invocations, efficient data sharing between protection domains, and memory and CPU resource control. These security measures, when they do not violate the policy, are all transparent to the Java programs, even when a subclass is in one domain and its superclass is in another. To reduce the performance impact we group classes and share them between protection domains and map data on demand as it is being shared.
?Need help? Use our Contacts page.

Last changed: 29 Jan. 2002 ml
Technical Program
Conference index