Java Security Model and its anatomy

Java Sandbox Model
Java has circumvented the virus or Trojan horse problems that plagued other models of software distributions. Java sandbox model is responsible for protecting a number of resources and it does it at number of levels.
Java programs are considered safe because they cannot run, install or propagate viruses and program itself cannot perform any action that is harmful to the user’s computing environment.

Anatomy of java application in SECURITY

Java Sandbox Model

Java Sandbox Model

The components drawn in the above figure play important role in java security model.

Byte Code verifier:
It ensures that all java class files that are loaded into JVM follow the rules of the Java language. In terms of resources, it helps enforce memory protections for all java programs. As the figure implies not all the class files are subjected to byte code verification.

Class Loader
One or more class loaders load all the java classes. Programmatically, the class loader can set permissions for each class it loads.

Access Controller
It allows OR prevents access from the core API to the operating system, based upon the policies set by the end user or administrator.

Security Manager
This is the primary interface between Core API and Operating System, however it exists for historic reasons

Security Package
It allows you to add security features to your applications as well as providing the basis by which java classes may be signed. This is a complex API and is further broken into following

  • Security Provider Interface– the means by which different security implementations can be plugged into security package.
  • Message Digests
  • Keys and certificates
  • Digital Signatures
  • Encryption (JCE & JSSE)
  • Authentication (through JAAS)

Key database
Key database is a set of keys used by the security infrastructure to create or verify digital signatures.
With respect to the sandbox, digital signatures play an important role because they provide authentication of who actually provided java class

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


Mostly technology with occasional sprinkling of other random thoughts


Amir Amintabar's personal page

101 Books

Reading my way through Time Magazine's 100 Greatest Novels since 1923 (plus Ulysses)

Seek, Plunnge and more...

My words, my world...

ARRM Foundation

Do not wait for leaders; do it alone, person to person - Mother Teresa

Executive Management

An unexamined life is not worth living – Socrates


A topnotch site


Just another site

coding algorithms

"An approximate answer to the right problem is worth a good deal more than an exact answer to an approximate problem." -- John Tukey

%d bloggers like this: