
Universidad Autónoma de Nuevo León

Facultad de Ciencias Físico-Matemáticas

Essay: Java Language Security

Name: Héctor Alejandro García Rodríguez
Student ID: 1484604
Instructor: Osvaldo Habib González
Group: 006
Semester: 1st
Degree program: LSTI
Last modified: 11/11/2012

Introduction
In this essay we will talk about how security starts at the language, in this case Java. We will go through the characteristics Java has in order to preserve security, most of them related to memory, so that nothing can tamper with the memory Java is using or with the way Java uses it. Security is made of many pieces, and the language is one of them. The first step in understanding the security behind computer programming is to understand the security the language itself provides.

Body
Java Language Security Constructs
Java defines access levels that grant only a certain degree of access to an entity, which greatly improves the security of the language. Those access levels are:

Private: The entity can only be accessed by code that is contained within the class that defines the entity.

Default (or package): The entity can be accessed by code that is contained within the class that defines the entity, or by a class that is contained in the same package as the class that defines the entity.

Protected: The entity can only be accessed by code that is contained within the class that defines the entity, by classes within the same package as the defining class, or by a subclass of the defining class.

Public: The entity can be accessed by code in any class.

Those permissions, called access modifiers, allow data hiding and data encapsulation. This encapsulation ensures that objects may only be operated upon through the interface the object provides to the world, instead of being operated upon by directly manipulating the object's data elements. One example of this would be applets, which are allowed access only to certain information, and ONLY when it is necessary, rather than all the time, so that they have no knowledge of each other. There are other advantages as well, such as the final modifier, which marks something that cannot be changed.

Object Serialization and Memory Integrity

Serialization offers a way around the permissions outlined above. Object serialization has two main purposes: it is used extensively in the RMI API to allow clients and servers to exchange objects, and it is used whenever you need to save a particular object to disk and want to recreate the object at some later point in time. This could be seen as a security problem; however, serialization has to be implemented, and in addition there is the transient keyword, so if you have a variable that should not be accessed, you can always mark it transient.
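
The effect described above, shown as an added example that is not part of the original essay: a private field still ends up in the serialized bytes, while a transient one does not. The class Account, its fields owner and pin, the helper streamContains and the sample values are all hypothetical and constructed for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class TransientDemo {
    // Hypothetical class for this example; both fields are private.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String owner;          // written to the stream despite being private
        private final transient String pin;  // skipped by default serialization

        Account(String owner, String pin) {
            this.owner = owner;
            this.pin = pin;
        }
    }

    // Serialize any object to a byte array, as if it were being saved to disk.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Naive search of the raw bytes, standing in for anyone who can read the saved file.
    static boolean streamContains(byte[] stream, String text) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(text);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        byte[] stream = serialize(new Account("constructed-owner", "constructed-pin-4821"));

        System.out.println("owner in stream: " + streamContains(stream, "constructed-owner"));
        System.out.println("pin in stream:   " + streamContains(stream, "constructed-pin-4821"));

        // After deserialization the transient field comes back as its default value.
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            Account copy = (Account) in.readObject();
            System.out.println("restored owner=" + copy.owner + " pin=" + copy.pin);
        }
    }
}
```

Running the class prints whether each value was found in the serialized bytes and what the restored object contains.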

Compiler Enforcement
The Java compiler is the first line of checking that the code does not break the rules we have been talking about. However, the compiler cannot enforce array bounds checking, nor can it catch all cases of illegal object casts.

The Bytecode Verifier

The bytecode verifier is the second line of checking the code. It verifies things such as: the class file has the correct format, final methods are not overridden, final classes are not subclassed, there is no illegal casting, etc.

Runtime Enforcement
We also have runtime enforcement, which handles checks such as array bounds checking, among other tasks.

Conclusion
Java's security is itself pretty great, and it is a good basis for developing and implementing software with the best practices in security. However, in this case we can see that security is unlikely to be compromised because of the language; it is more likely to be compromised by a lack of knowledge of security best practices. It is amazing how many things have to be carefully checked in order to make a language secure: so many steps, precautions and processes, so that the basic piece of a piece of software can be secure regardless of the other pieces.
