Security Manager Criticism

James Sangroniz (James_Sangroniz@hp-boise-om8.om.hp.com)
Thu, 11 Dec 1997 11:42:04 -0700

Date: Thu, 11 Dec 1997 11:42:04 -0700
From: James Sangroniz <James_Sangroniz@hp-boise-om8.om.hp.com>
To: java-security@web2.javasoft.com
Subject: Security Manager Criticism

D.Dean et al in "Java Security: From HotJava to Netscape and Beyond"
http://www.cs.princeton.edu/sip/pub/secure96.html, contend that
as a reference monitor the Java Security Manager fails on all three
fronts.
1. It is not always invoke - relies on the implementor of the VM to call
the SM.
2. Is not tamper proof
3. Is not verifiable - It's written in Java and Java has no formal
semantics.
Has there been any advances in the JDK that address these concerns?

James Sangroniz
HP Boise