Date: Thu, 21 May 1998 09:53:33 +0000
From: Viswanathan Kapaleeswaran <viswana@fit.qut.edu.au>
To: java-security@web2.javasoft.com
Subject: Java Security White Paper
Hi
My name is Viswanathan Kapaleeswaran (Kapali for short). I am interested
in the trust level of the JVM and the way it checks the bytecodes. Does
the bytecode checker make any asssumptions, and is it possible to
by-pass the security by coding directly in bytecodes. This I am
interested from the E-Commerce point of view. Could you kindly enlighten
me in this regard (and more if possible)?
The basic questions are;
- How trusted is JVM in the Java security architecture and how reliable
is it for this trust placed on it?
- What are the assumptions that the bytecode verifier makes while
checking?
- What are the areas and *things* that it checks for?
It would be of great help if you could respond to me as early as is
possible.
Thanks in advance,
-Kapali