A security measure in the Java development environment. The sandbox is a set of rules that are used when creating an applet that prevents certain functions when the applet is sent as part of a Web page. When a browser requests a Web page with applets, the applets are sent automatically and can be executed as soon as the page arrives in the browser. If the applet is allowed unlimited access to memory and operating system resources, it can do harm in the hands of someone with malicious intent. The sandbox creates an environment in which there are strict limitations on what system resources the applet can request or access. Sandboxes are used when executable code comes from unknown or untrusted sources and allow the user to run untrusted code safely.
The Java sandbox relies on a three-tiered defense. If any one of these three elements fails, the security model is completely compromised and vulnerable to attack:
- 1. Byte code verifier -- This is one way that Java automatically checks untrusted outside code before it is allowed to run. When a Java source program is compiled, it compiles down to platform-independent Java byte code, which is verified before it can run. This helps to establish a base set of security guarantees.
- 2. Applet class loader -- All Java objects belong to classes, and the applet class loader determines when and how an applet can add classes to a running Java environment. The applet class loader ensures that important elements of the Java run-time environment are not replaced by code that an applet tries to install.
- 3. Security manager -- The security manager is consulted by code in the Java library whenever a dangerous operation is about to be carried out. The security manager has the option to veto the operation by generating a security exception.
A sandbox (沙盒) is a security measure in the Java development environment. When an applet is transmitted as part of a web page, the sandbox is the set of rules that must be followed when the applet is created, and it prevents certain unwanted actions. When a browser requests a web page containing an applet, the applet is sent to the browser automatically and executed as soon as it arrives. If the applet were allowed unlimited access to memory and operating system resources, the computer could be harmed by someone with malicious intent. The sandbox creates an environment that strictly regulates which system resources the applet may access. When executable code comes from an unknown or untrusted source, the sandbox lets the user run that code safely.
The Java sandbox achieves security through three layers of defense; if any one layer fails, the security function is lost and the system is open to attack:
- 1. Byte code verifier -- Before running, Java automatically checks untrusted external code. When Java source code is compiled, it produces platform-independent Java byte code that is verified before it runs. This lays the foundation for program security. [The verifier mainly performs the following checks: the class conforms to the JVM class-file format specification, no access restrictions are violated, the code causes no stack overflow or underflow, the operand types of all opcodes are correct, and no illegal data type conversions (for example converting an integer to an object type) occur. Byte code that passes verification is executed by the interpreter, which, when necessary, makes the appropriate calls to the underlying hardware through the runtime system.]
- 2. Applet class loader -- All Java objects belong to classes, and the applet class loader determines when and how an applet is loaded and run. The applet class loader ensures that the main components of the Java runtime environment are not replaced by code that the applet installs.
- 3. Security manager -- When dangerous code is about to execute, the Java library code consults the security manager. The security manager has the authority to block the operation and raise a security exception.
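A worked illustration of the third tier, added here and not code from the original post: a SecurityManager that vetoes the operations the classic applet sandbox forbids, local file access and connections to any host other than the applet's origin. It assumes a JDK that still accepts a Security Manager (JDK 17 installs it with a deprecation warning, JDK 18 to 23 need `-Djava.security.manager=allow`, JDK 24 removed it); `applets.example` is a placeholder origin host.

```java
import java.io.FileDescriptor;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Permission;
import java.util.concurrent.Callable;
// Constructed example: a SecurityManager enforcing the classic applet rules,
// no local file access and network access only to the applet's origin host.
public class AppletStyleSandbox {
    static final class AppletPolicy extends SecurityManager {
        private final String originHost; // the only host the code may contact
        AppletPolicy(String originHost) { this.originHost = originHost; }
        // Permit everything not vetoed below, so class loading keeps working.
        @Override public void checkPermission(Permission p) { }
        @Override public void checkPermission(Permission p, Object ctx) { }

        // Cover every file-system entry point: an overload left out would
        // fall through to the permissive checkPermission above.
        @Override public void checkRead(String f) { veto("read " + f); }
        @Override public void checkRead(String f, Object ctx) { veto("read " + f); }
        @Override public void checkRead(FileDescriptor fd) { veto("read fd"); }
        @Override public void checkWrite(String f) { veto("write " + f); }
        @Override public void checkWrite(FileDescriptor fd) { veto("write fd"); }
        @Override public void checkDelete(String f) { veto("delete " + f); }

        // Network: same-origin only, as for applets.
        @Override public void checkConnect(String host, int port) {
            if (!host.equalsIgnoreCase(originHost)) veto("connect " + host + ":" + port);
        }
        @Override public void checkConnect(String host, int port, Object ctx) {
            checkConnect(host, port);
        }

        private static void veto(String op) {
            throw new SecurityException("sandbox veto: " + op);
        }
    }
    // Runs one untrusted action and reports whether the sandbox let it through.
    static String attempt(String label, Callable<?> action) {
        try { action.call(); return label + ": allowed"; }
        catch (SecurityException e) { return label + ": " + e.getMessage(); }
        catch (Exception e) { return label + ": failed for another reason: " + e; }
    }
    public static void main(String[] args) {
        System.setSecurityManager(new AppletPolicy("applets.example")); // placeholder origin
        System.out.println(attempt("read /etc/hosts", () -> Files.readAllBytes(Path.of("/etc/hosts"))));
        System.out.println(attempt("connect 192.0.2.1:80", () -> new Socket("192.0.2.1", 80)));
    }
}
```

Both attempts are vetoed before any file is opened or socket created, which is the point of consulting the manager ahead of the dangerous operation rather than after it.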