Code security
Java enforces it’s code security through the JVM. As mentioned before, Java source files are compiled (converted into a set of bytecodes) and stored in a .class file.
At runtime, the bytecodes are loaded, checked and run in the JVM interpreter. This interpreter has two functions: to execute code and make calls to the underlying hardware. Generally, whilst the bytecode is first interpreted, a portion of the bytecode is compiled to native machine code and stored in memory. If the program is run, say immediately again, the computer can use the machine code. This allows Java to run nearly as fast as C or C++.
The Java Runtime Environment (jre) runs the code compiled for the JVM and performs three main tasks:
Loads the code – performed by the class loader
Verifies the code – performed by the bytecode verifier
Executes the code – performed by the runtime interpreter
The class loader loads all of the classes needed for the program execution. The class loader also separates the classes from the local file system from those imported from other sources. This security feature limits any “Trojan horse” applications (applications which look like standard applications such as a login box but really does something sinister, like stealing your username and password!) because local classes are always loaded first.
The class loader deals with the memory layout of the program. This protects against unauthorized access into restricted areas of code.
The bytecode verifier tests the format of the code and checks for illegal code – code that creates pointers, attempts to change object types, or violates object access rights. The verifier actually passes the code through four times to ensure that the code adheres to the JVM specification and does not violate system integrity.
Figure 1 - The JVM
clip_001 image
No comments:
Post a Comment