Hostile Java Applets
David Evans, University of Virginia
Java was introduced in 1995 as both a high-level programming language and an intermediate language, Java Virtual Machine language (JVML, sometimes called Java byte codes), and execution platform, the Java Virtual Machine (Java VM), designed for secure execution of programs from untrusted sources in Web browsers (Gosling, 1995). These small programs that are intended to execute within larger applications are known as applets. Java runs on a wide range of platforms scaling from the Java Card smart card environment (Chen, 2000) to the Java 2 Enterprise Edition (J2EE) for large component-based enterprise applications (Singh, Stearns, Johnson, & the Enterprise Team, 2002). This chapter focuses on the Java 2 Platform, Standard Edition (J2SE), which is the most common platform for desktop applications and servers, including Web browsers. Most of the security issues are the same across all Java platforms, however. Because of the limited functionality of the Java Card environment, ...