| Although the three legs of Java security ” class-loading system, class file verifier, and security manager ”each have unique functions, they are interdependent. -
The class-loading system relies on the security manager to prevent untrusted code from loading its own class loader, which could flag untrusted code as trusted. -
Conversely, the security manager relies on the class-loading system to keep untrusted classes and local classes in separate name spaces and to prevent the local trusted classes from being overwritten. -
Both the security manager and the class-loading system rely on the class file verifier to make sure that class confusion is avoided and that class protection directives are honored. The bottom line is this: If an attacker can breach one of the three defenses, the security of the whole system is usually compromised. |