This is precursor to my other, more advanced question about Stack Inspection.
Stack Inspection is a security mechanism introduced in the JVM to deal with running code originating from locations having different levels of trust. This is question aims at finding a simple description of its functionality. So:
How does stack inspection work?
Asked By : Dave Clarke
Answered By : Vor
See
- "Understanding Java Stack Inspection" by D. S. Wallach and E. W. Felten (1998)
From the paper:
... The stack inspection algorithm used in current Java systems can be thought of as a generalization of the following simple stack inspection model:
In this model, the only principals are "system" and "untrusted". Likewise, the only privilege available is "full." This model resembles the stack inspection system used internally in Netscape Navigator 3.0.
In this model, every stack frame is labeled with a principal ("system" if the frame is executing code that is part of the virtual machine or its built-in libraries, and "untrusted" otherwise), and contains a privilege flag which may be set by a system class which chooses to "enable its privileges," explicitly stating that it wants to do something dangerous. An untrusted class cannot set its privilege flag. When a stack frame exits, its privilege flag (if any) automatically disappears.
All procedures about to perform a dangerous operation such as accessing the file system or network first apply a stack inspection algorithm to decide whether access is allowed. The stack inspection algorithmsearches the frames on the caller's stack in sequence, from newest to oldest. The search terminates, allowing access, upon finding a stack frame with a privilege flag. The search also terminates, forbidding access and throwing an exception, upon finding an untrusted stack frame (which could never have gotten a privilege flag). ...
- and the book "Securing Java" (in particular chapter three also available online)
Best Answer from StackOverflow
Question Source : http://cs.stackexchange.com/questions/796
0 comments:
Post a Comment
Let us know your responses and feedback