
There are many user concerns surrounding the downloading of Java applets
and applications over the Internet. But Java developers have addressed these
issues with sophisticated technologies that allow for anything from the signing
of applets to the designing of secure architectural models. IBM is in the forefront
of Java security research and development and is committed to making Java a secure, yet
accessible means for content creation and exchange. IBM's message is clear: given
the proper filtering techniques, Java is and will continue to be safe to download
to your operating system -- unlike new Microsoft technologies, which do not support
key Java security features.
For more information on IBM's Java security perspectives and solutions, check
out this month's collection of whitepapers, articles, and technologies...
 |
Internet Security, ActiveX, and Java
The experts are not embracing ActiveX as a way to distribute
smart Internet browser components, but prefer instead Sun's Java.
The reason is that Java and ActiveX differ greatly in their
placement of responsibility for security: ActiveX relies
on Web site administrators and, therefore, on the security
of the Internet as a whole. Java, on the other hand, relies
on the quality of the virtual machine in your browser,
which is much more difficult to subvert.
|
 |
Tangled Web
Whether you're an individual user or an administrator responsible for a
LAN full of systems, one of the most important parts of security is awareness.
This paper discusses some of the security issues in Java, JavaScript,
and ActiveX that you should be aware of.
|
 |
Untrusted Applications Need Trusted Operating Systems
IBM is strongly committed to Java technology. However, IBM is also aware of the security risks when Java applets are
downloaded from the Internet. These risks are not unique to Java, but are also present in ActiveX, Postscript, Microsoft
Word macros, and many other languages. We want to offer our customers both guidance and product features to
use Java technology wisely and securely.
|
 |
A Security Model for Aglets
Aglets are Java-based mobile agents and programs that roam the
Internet on behalf of a user to seek, filter,
and forward information, or even to do business
in the user's name. Although aglets offer many benefits, there
are also new security threats that need to be resolved.
This white paper describes a security model for
the aglets development environment that supports flexible
definition and architectural enforcement of security policies.
|
Flexible Security - Architecture and Implementation
 |
Flexible Control of Downloaded Executable Content
This paper presents a system for managing the execution of downloaded content
according to flexibly-defined security policies. This
downloaded content execution system can enforce a variety of security
policies covering content download, content protection, domain derivation,
and content authorization.
|
 |
A Flexible Security Model for Using Internet Content
Java, Netscape plug-ins, and ActiveX controls have led to the popularization
of a new programming paradigm: extensive downloading of executable code into
applications. However, such flexibility in the programming model leads to
several security problems. The solution is FlexxGuard: a system for downloading
content over an untrusted network, such as the Internet, and for controlling
its use on a client machine.
|
 |
Featured Technology: FlexxGuard
FlexxGuard protects Windows-based Internet and intranet clients against
suspicious applets by regulating Java applet access to Windows system
resources. Rather than quarantining all applets from client resources,
FlexxGuard defends against malicious attacks by alerting Java clients to
the presence of suspicious applets.
|
JavaTM is a trademark of Sun Microsystems, Inc.
Other companies, products, and service names may be trademarks or service marks of others.
Copyright
Trademark
|