Article for a general audience (Diverse speeches and writings)
Twenty years of Escaping the Java Sandbox
BARTEL, Alexandre; Doe, John
2018

Files

Full Text: paper.txt, Author postprint (110.03 kB)

All documents in ORBilu are protected by a user license.


Details



Keywords :
java; sandbox; exploit
Abstract :
The Java platform is broadly deployed on billions of devices, from servers and desktop workstations to consumer electronics. It was originally designed to implement an elaborate security model, the Java sandbox, that allows for the secure execution of code retrieved from potentially untrusted remote machines without putting the host machine at risk. Concretely, this sandboxing approach is used to secure the execution of untrusted Java applications such as Java applets in the web browser. Unfortunately, critical security bugs, enabling a total bypass of the sandbox, have affected every single major version of the Java platform since its introduction. Despite major efforts to fix and revise the platform's security mechanisms over the course of two decades, critical security vulnerabilities are still being found. In this work, we review the past and present of Java insecurity. Our goal is to provide an overview of how Java platform security fails, such that we can learn from past mistakes. All security vulnerabilities presented here are already known and fixed in current versions of the Java runtime; we discuss them for educational purposes only. This case study has been made in the hope that we gain insights that help us design better systems in the future.
Disciplines :
Computer science
Author, co-author :
BARTEL, Alexandre; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Doe, John
Language :
English
Title :
Twenty years of Escaping the Java Sandbox
Publication date :
2018
Journal title :
Phrack
Available on ORBilu :
since 10 January 2019
