Java Security

There are many user concerns surrounding the downloading of Java applets and applications over the Internet. But Java developers have addressed these issues with sophisticated technologies that allow for anything from the signing of applets to the designing of secure architectural models. IBM is at the forefront of Java security research and development and is committed to making Java a secure, yet accessible, means for content creation and exchange. IBM's message is clear: given the proper filtering techniques, Java is and will continue to be safe to download to your operating system -- unlike new Microsoft technologies, which do not support key Java security features.

For more information on IBM's Java security perspectives and solutions, check out this month's collection of whitepapers, articles, and technologies...

Internet Security, ActiveX, and Java
The experts are not embracing ActiveX as a way to distribute smart Internet browser components, but prefer instead Sun's Java. The reason is that Java and ActiveX differ greatly in their placement of responsibility for security: ActiveX relies on Web site administrators and, therefore, on the security of the Internet as a whole. Java, on the other hand, relies on the quality of the virtual machine in your browser, which is much more difficult to subvert.

Tangled Web
Whether you're an individual user or an administrator responsible for a LAN full of systems, one of the most important parts of security is awareness. This paper discusses some of the security issues in Java, JavaScript, and ActiveX that you should be aware of.

Untrusted Applications Need Trusted Operating Systems
IBM is strongly committed to Java technology. However, IBM is also aware of the security risks when Java applets are downloaded from the Internet. These risks are not unique to Java, but are also present in ActiveX, PostScript, Microsoft Word macros, and many other languages. We want to offer our customers both guidance and product features to use Java technology wisely and securely.

A Security Model for Aglets
Aglets are Java-based mobile agents and programs that roam the Internet on behalf of a user to seek, filter, and forward information, or even to do business in the user's name. Although aglets offer many benefits, there are also new security threats that need to be resolved. This white paper describes a security model for the aglets development environment that supports flexible definition and architectural enforcement of security policies.

Flexible Security - Architecture and Implementation

Flexible Control of Downloaded Executable Content
This paper presents a system for managing the execution of downloaded content according to flexibly-defined security policies. This downloaded content execution system can enforce a variety of security policies covering content download, content protection, domain derivation, and content authorization.

A Flexible Security Model for Using Internet Content
Java, Netscape plug-ins, and ActiveX controls have led to the popularization of a new programming paradigm: extensive downloading of executable code into applications. However, such flexibility in the programming model leads to several security problems. The solution is FlexxGuard: a system for downloading content over an untrusted network, such as the Internet, and for controlling its use on a client machine.

Featured Technology: FlexxGuard
FlexxGuard protects Windows-based Internet and intranet clients against suspicious applets by regulating Java applet access to Windows system resources. Rather than quarantining all applets from client resources, FlexxGuard defends against malicious attacks by alerting Java clients to the presence of suspicious applets.





Java™ is a trademark of Sun Microsystems, Inc.

Other companies, products, and service names may be trademarks or service marks of others.
