This Article 
 Bibliographic References 
 Add to: 
Secure Code Distribution
June 1997 (vol. 30 no. 6)
pp. 76-79

The Java Virtual Machine does not offer a way for code obtained from trusted sources to be granted extra rights. This article describes two approaches to authentification for code distribution: One extends the JVM to include a digital signature in applets; the other uses MIME encapsulation to take advantage of available security infrastructures.

The signed-applet approach gives a programmer more flexibility because it addresses the security issues at a more fundamental level. However, signed-applet security mechanisms may vary for different code distribution schemes, making integration difficult.

The MIME-based approach provides a unified security interface. It is more efficient in the sense that all classes can be encapsulated in one multipart attachment, and a single signature or verification operation will cover all classes.

The approaches can also be combined and tailored to satisfy various requirements. Ultimately, operating systems must support the concept of a secure compartment so that separate resource management policies can be implemented for the secure compartment and the rest of the system.

X. Nick Zhang, "Secure Code Distribution," Computer, vol. 30, no. 6, pp. 76-79, June 1997, doi:10.1109/2.587552
Usage of this product signifies your acceptance of the Terms of Use.