Java Security

What is Mobile Code?

Mobile Code is Your Friend

Mobile Code Is Scary

Mobile Code Can Be Safe

How Mobile Code Works

How Mobile Code Fails

Verifier Failures

Verifier Internals

Verifier Internals

Bugs in Sun / Microsoft Verifiers

Building a Better Verifier?

Defining “Correct” Bytecode?

Abstract Syntax Trees vs. Bytecode

Name Space Confusion

Name Space-based Attacks

Fixing Name Spaces

Name Space Problems Again

Name Space: Deeper Problems

Denial of Service

Safe Termination

Class vs. Thread Termination

Secure Services

Netscape 2.0 Insecurity

Netscape DNS Attack

Another Secure Services Problem

Handling the “Maybe” Cases

Solution: Stack Inspection

How Stack Inspection Works

How Stack Inspection Works

How Stack Inspection Works

How Stack Inspection Works

How Stack Inspection Works

Netscape 4.0 Privileges

Why Stack Inspection is Cool

Trusted Computing Base

Browser / External Interaction

Conclusions