Integrity of the Java Virtual Machine

Doug Bunting (dougb@intuit.com)
Mon, 27 Apr 1998 16:46:28 -0700

Date: Mon, 27 Apr 1998 16:46:28 -0700
From: Doug Bunting <dougb@intuit.com>
To: java-security@web1.javasoft.com
Subject: Integrity of the Java Virtual Machine

Hello,

It seems that the Java Security team is hard at work adding Java
features to extend the sandbox and to provide more secure communication
back to a web server. But, I've seen nothing which addresses a more
general problem.

How would a downloaded applet confirm it's running in a Virtual Machine
which has not been corrupted? In a world containing malicious Active X
and virus programs, an applet should have some way to know its
environment is secure. With the new Java Activator / plug in
initiatives, JavaSoft seems to be in a prime position to provide
something here.

Examples I've thought about include using signed Jar files for the local
(trusted) class files, maintaining a checksum for any executable files
used in the installation and checks for rogue threads still running from
an earlier web page.

thanx,
doug