{"title":"根据安全需求对Java应用程序容器进行评估","authors":"Almut Herzog, N. Shahmehri","doi":"10.1109/WETICE.2005.18","DOIUrl":null,"url":null,"abstract":"Web browsers, Web servers, Java application servers and OSGi frameworks are all instances of Java execution environments that tun more or less untrusted Java applications. In all these environments, Java applications can come from different sources. Consequently, application developers rarely know which other applications exist in the target Java execution environment. This paper investigates the requirements that need to be imposed on such a container from a security point of view and how the requirements have been implemented by different Java application containers. More specifically, we show a general risk analysis considering assets, threats and vulnerabilities of a Java container. This risk analysis exposes generic Java security problems and leads to a set of security requirements. These security requirements are then used to evaluate the security architecture of existing Java containers for Java applications, applets, servlets, OSGi bundles, and Enterprise Java Beans. For comparison, the requirements are also examined for a C++ application.","PeriodicalId":128074,"journal":{"name":"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"An evaluation of Java application containers according to security requirements\",\"authors\":\"Almut Herzog, N. Shahmehri\",\"doi\":\"10.1109/WETICE.2005.18\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web browsers, Web servers, Java application servers and OSGi frameworks are all instances of Java execution environments that tun more or less untrusted Java applications. In all these environments, Java applications can come from different sources. Consequently, application developers rarely know which other applications exist in the target Java execution environment. This paper investigates the requirements that need to be imposed on such a container from a security point of view and how the requirements have been implemented by different Java application containers. More specifically, we show a general risk analysis considering assets, threats and vulnerabilities of a Java container. This risk analysis exposes generic Java security problems and leads to a set of security requirements. These security requirements are then used to evaluate the security architecture of existing Java containers for Java applications, applets, servlets, OSGi bundles, and Enterprise Java Beans. For comparison, the requirements are also examined for a C++ application.\",\"PeriodicalId\":128074,\"journal\":{\"name\":\"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WETICE.2005.18\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2005.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An evaluation of Java application containers according to security requirements
Web browsers, Web servers, Java application servers and OSGi frameworks are all instances of Java execution environments that tun more or less untrusted Java applications. In all these environments, Java applications can come from different sources. Consequently, application developers rarely know which other applications exist in the target Java execution environment. This paper investigates the requirements that need to be imposed on such a container from a security point of view and how the requirements have been implemented by different Java application containers. More specifically, we show a general risk analysis considering assets, threats and vulnerabilities of a Java container. This risk analysis exposes generic Java security problems and leads to a set of security requirements. These security requirements are then used to evaluate the security architecture of existing Java containers for Java applications, applets, servlets, OSGi bundles, and Enterprise Java Beans. For comparison, the requirements are also examined for a C++ application.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
