Software Vulnerabilities in Java

摘要

Java is essentially a safe language with good security features, However there are several Java features and facilities that can compromise safety if they are misused or improperly implemented. This report briefly describes these potential software vulnerabilities in the current version of Java, Java 5. This brief report is concerned with software vulnerabilities in the current version of Java that is Java 5. Java is essentially a safe language: there is no explicit pointer manipulation; array and string bounds are automatically checked; attempts at referencing a null pointer are trapped; the arithmetic operations are well defined and platform independent as are the type conversions. The built-in byte code verifier ensures that these cheeks are always in place. Moreover there are comprehensive fine-grained security mechanisms available in Java that can control access to individual files sockets and other sensitive resources. To take advantage of the security mechanisms the Java Virtual Machine (JVM) must have a security manager in place. This is an ordinarily Java object of class Java. language. SecurityManager (or a subclass) that can be put in place programmatically but is more usually specified via a command line parameter. There are however some ways in which Java program safety can be compromised. These are described in Section 2.