Security Model in Java and its evolution
Java was originally designed for developing Network Applications and as we know that such applications are more prone to potential attacks hence a need for the Security Model was felt as one of the most important feature of the Java architecture.
Since the inception of the Java architecture, the Security Model has also evolved from the Basic Sandox to the rich security architecture for access control in Java 1.2 by supplying a concrete implementation of the Security Manager with the Java 2 Platform. The three major evolutions of the Security Model took place in Java 1.0, Java 1.1, and then in Java 1.2 which are briefly discussed below:-
- Security Model in Java 1.0 - the basic security model implementation was very restrictive for any untrusted code. Any applet downloaded from a remote untrusted machine was considered untrusted and hence such a code used to have a very limited set of priviledges on the client machine. This security model is commonly known as The Basic Sandbox where the term 'sandbox' represents a virtual box where the untrusted code will reside and that code can executed only within the boundaries of the sandbox. This is why the original sandbox based security model implementation in Java 1.0 restricted many activities for the untrusted code on the local machine. These restricted activities include Read/Write on the local disk, Createtion of a new process, Loading of a new dynamic library, etc. The untrusted code was not allowed to establish any network connection to any other host except the host it was downloaded from. Thus we can easily see that the untrusted code in Java 1.0 was having very limited access on the local machine which obviously limited the scope of even trustworthy applets as the security model in that version of Java was not able to differentiate between trustworthy and untrusted applets. Obviosuly a need arises to enable the security model with this capability and consequently the model was revised and made more capable in Java 1.1 which is discussed below.