Almut Herzog, Nahid Shahmehri:
An Evaluation of Java Application Containers according to Security Requirements.
Abstract
Web browsers, web servers, Java application servers and OSGi
frameworks are all instances of Java execution environments that run more
or less untrusted Java applications. In all these environments, Java
applications can come from different sources. Consequently, application
developers rarely know which other applications exist in the target Java
execution environment. This paper investigates the requirements that need
to be imposed on such a container from a security point of view and how
the requirements have been implemented by different Java application
containers. More specifically, we show a general risk analysis considering
assets, threats and vulnerabilities of a Java container. This risk
analysis exposes generic Java security problems and leads to a set of
security requirements. These security requirements are then used to
evaluate the security architecture of existing Java containers for Java
applications, applets, servlets, OSGi bundles, and Enterprise Java
Beans. For comparison, the requirements are also examined for a C++
application.
URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2005-140
@inproceedings{REWERSE-RP-2005-140, author = {Almut Herzog and Nahid Shahmehri}, title = {An Evaluation of Java Application Containers according to Security Requirements}, booktitle = {Proceedings of 14th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, Linköping, Sweden (13th--15th June 2005)}, year = {2005}, organization = {IEEE}, pages = {178--186}, url = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2005-140} }