sandbox

The sandbox is implemented not only by requiring programmers to conform to certain rules but also by providing code checkers. The Java language itself provides features such as automatic memory management, garbage collection, and the checking of address ranges in strings and arrays that inherently help to guarantee safe code. In addition, Java includes a compiled code (Java's compiled code is known as bytecode) verifier that guarantees adherence to certain limitations. Java also provides for a local name space within which code may be restricted. The Java virtual machine (the layer that interprets the Java bytecode for a given computer platform) also mediates access to system resources and ensures that sandbox code is restricted.

In the original sandbox security model, the sandbox code is generally known as untrusted code. In later versions of the Java Development Kit (JDK) - the programmer's development environment - the sandbox has been made more sophisticated by introducing several levels of trust that the user can specify for sandbox code. The more trust the user allows, the more capability the code has to "play" outside of the sandbox. In the Java Development Kit 1.1 version, the concept of a signed applet was introduced. An applet accompanied by a digital signature can contain trusted code that will be allowed to execute if the signature is recognized by the client browser.

In JDK 2.0, Java provides for assigning different levels of trust to all application code, whether loaded locally or arriving from the Internet. A mechanism exists to define a security policy that will be used to screen all code - whether signed or not - as it executes.

Read more about sandbox: - Sun Microsystems provides more information about the sandbox in its Java Security Architecture . - Wiley's online version of Securing Java explains the original Java sandbox in The Base Java Security Model: The Original Applet Sandbox .

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Application and Platform Security,   Software Development Methodology,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT nCircle statistics show rising Web application vulnerabilities The number of Web application vulnerabilities detected by the vendor is on track to exceed 2008, according to the latest statistics. Common PCI questions: Web application firewalls or source code review? Is it better to use Web application firewalls, automated source code security reviews or vulnerability scans? Michael Cobb reviews your options. Juniper pulls ATM hacking presentation from Black Hat Researcher planned to demonstrate a hacking technique targeting the underlying software of a new ATM.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bypass  (SearchSecurity.com) Common Weakness Enumeration  (SearchSecurity.com) Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software... (Continued)