Issue No. 06 - June (1997 vol. 30)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/2.587552
<p>The Java Virtual Machine does not offer a way for code obtained from trusted sources to be granted extra rights. This article describes two approaches to authentification for code distribution: One extends the JVM to include a digital signature in applets; the other uses MIME encapsulation to take advantage of available security infrastructures. </p> <p>The signed-applet approach gives a programmer more flexibility because it addresses the security issues at a more fundamental level. However, signed-applet security mechanisms may vary for different code distribution schemes, making integration difficult. </p> <p>The MIME-based approach provides a unified security interface. It is more efficient in the sense that all classes can be encapsulated in one multipart attachment, and a single signature or verification operation will cover all classes. </p> <p>The approaches can also be combined and tailored to satisfy various requirements. Ultimately, operating systems must support the concept of a secure compartment so that separate resource management policies can be implemented for the secure compartment and the rest of the system. </p>
X. N. Zhang, "Secure Code Distribution," in Computer, vol. 30, no. , pp. 76-79, 1997.