lect16

2 above disk disk bytecode core api bytecode class

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Bytecode Java 2 model (SDK 1.2 & above) Disk Disk Bytecode Core API bytecode Class loader Internet Internet Bytecode Class loader Class object Verifier JVM SY32 Secure Computing, Lecture 16 6 Class Loaders & Security • Bytecode with different origins is loaded by Bytecode different class loader objects different • JVM identifies a class by name and class loader JVM and Prevents, e.g., hostile applet from substituting its Prevents, java.net.Socket class for real one java.net.Socket • Difficult to implement correctly; bugs found in March & May 1996 July 1998 November 2000 SY32 Secure Computing, Lecture 16 7 Bytecode Verification • Verifier looks for .class file format violations Abuse of final modifier Abuse final Classes that don't have one superclass Illegal data conversions Operand stack overflow or underflow • Field and method access checking is delayed Field until runtime, then performed once only until SY32 Secure Computing, Lecture 16 8 Code Validation in .NET • Managed code is organized as logical units Managed called assemblies, containing CIL instructions, assemblies containing metadata and resources metadata • Validation checks that Files have correct format (PE/COFF) Metadata are present and uncorrupted CIL instructions are legal SY32 Secure Comput...
View Full Document

This note was uploaded on 05/05/2013 for the course IT 101 taught by Professor Gray during the Fall '11 term at APIIT.

Ask a homework question - tutors are online