Almut Herzog, Nahid Shahmehri:
Performance of the Java security manager.
Abstract
The Java Security Manager is one major security feature of the
Java programming language. However, in many Java applications the Security
Manager is not enabled because it slows execution time. This paper
explores the performance of the Java Security Manager in depth, identifies
the permissions with the worst performance and gives advice on how to use
the Security Manager in a more efficient way. Our performance test shows
that the CPU execution time penalty varies between 5% and 100% per
resource access statement. This extreme range is due to the fact that some
resource accesses are costly (such as file and socket access) and
therefore hide the performance penalty for the access control check almost
completely. The time penalty is much more noticeable with access to main
memory resources (such as Java objects). In order to achieve reasonable
response times, it is of utmost importance to tune garbage collection
because the Java Security Manager creates short-lived objects during its
permission check. Also, the order of permissions in the policy file can be
important.
URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2005-141
@article{REWERSE-RP-2005-141, author = {Almut Herzog and Nahid Shahmehri}, title = {Performance of the Java security manager}, journal = {Computers & Security}, year = {2005}, volume = {24}, number = {3}, pages = {192--207}, url = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2005-141} }