An Evaluation of Java Application Containers according to Security Requirements

Linkoping, Sweden June 13-June 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/WETICE.2005.18

14th IEEE International Workshops on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Almut Herzog Articles by Nahid Shahmehri

	ASCII Text	x
	Almut Herzog, Nahid Shahmehri, "An Evaluation of Java Application Containers according to Security Requirements," Enabling Technologies, IEEE International Workshops on, pp. 178-186, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), 2005.

	BibTex	x
	@article{ 10.1109/WETICE.2005.18, author = {Almut Herzog and Nahid Shahmehri}, title = {An Evaluation of Java Application Containers according to Security Requirements}, journal ={Enabling Technologies, IEEE International Workshops on}, volume = {0}, year = {2005}, issn = {1524-4547}, pages = {178-186}, doi = {http://doi.ieeecomputersociety.org/10.1109/WETICE.2005.18}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Enabling Technologies, IEEE International Workshops on TI - An Evaluation of Java Application Containers according to Security Requirements SN - 1524-4547 SP178 EP186 A1 - Almut Herzog, A1 - Nahid Shahmehri, PY - 2005 KW - null VL - 0 JA - Enabling Technologies, IEEE International Workshops on ER -

Almut Herzog, Linkoping University, Sweden

Nahid Shahmehri, Linkoping University, Sweden

Web browsers, web servers, Java application servers and OSGi frameworks are all instances of Java execution environments that run more or less untrusted Java applications. In all these environments, Java applications can come from different sources. Consequently, application developers rarely know which other applications exist in the target Java execution environment.

This paper investigates the requirements that need to be imposed on such a container from a security point of view and how the requirements have been implemented by different Java application containers.

More specifically, we show a general risk analysis considering assets, threats and vulnerabilities of a Java container. This risk analysis exposes generic Java security problems and leads to a set of security requirements. These security requirements are then used to evaluate the security architecture of existing Java containers for Java applications, applets, servlets, OSGi bundles, and Enterprise Java Beans. For comparison, the requirements are also examined for a C++ application.

Citation:

Almut Herzog, Nahid Shahmehri, "An Evaluation of Java Application Containers according to Security Requirements," wetice, pp.178-186, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.