1. What is FlexxGuard?

2. Does FlexxGuard affect the execution of unstamped applets?

3. How are FlexxGuard's security policies created?


1. What is FlexxGuard?

FlexxGuard is a technology developed in IBM research labs that allows signed or "stamped" Java applets to access system resources in a controlled manner. There are three key parts to this system:

1) Stamped applets: The author of an applet includes a list of resources that the applet needs to access on the user's system and then stamps the applet.

2) User Policy Database: A user creates a set of rules in the policy database in order to determine whether applets should be loaded on the user's system. The applet name, author, and resources are used to determine whether or not access should be granted.

3) Enforcement mechanism: The Java Virtual Machine (JVM) ensures that stamped applets do not access more than what they are permitted.

[Goto Top]

2. Does FlexxGuard affect the execution of unstamped applets?

No, you can still use applet viewer to execute unstamped applets.

[Goto Top]

3. How are FlexxGuard's security policies created?

FlexxGuard's policy database is created and modified by a process known as interactive refinement. When installed initially, the policy database does not allow "stamped" applets any access to system resources. When stamped applets are downloaded by the user, the user creates "exceptions" (i.e. rules) to these blanket prohibitions in order to execute applets.

[Goto Top]