The Java language has three main features: platform independence, network mobility and security, while the Java architecture provides strong support and assurance for these three features, and this article focuses on the principles and usage of Java architecture to support information security.
Java architecture
The Java architecture is shown in the following illustration, first Java source code java file compiled into Java binary bytecode class file, and then class file is loaded by the ClassLoader in the Java Virtual machine, while the class loader can also load Java raw API class files, which are primarily responsible for loading, connecting, and initializing these class files, to the execution engine running in the virtual machine, and the execution engine interprets the Java instructions in the class file as specific local operating system methods to execute. The security manager, during execution, controls access to external resources based on the set security policy.
Java executes not by compiling execution but by interpreting execution, different platforms, the same source code compiled into the same Java specification of the same binary bytecode, and then to support the respective platform of the virtual machine to explain the execution, "first compile, then explain, and then perform the" three-step way to make Java implementation of the "write , running everywhere ", if the Java application uses the 100% standard Java API and does not call the local method directly, it can be applied without modification on a variety of platforms, such platform independence makes it more convenient and realistic to use in heterogeneous network environment or embedded aspect. Java's network mobility has brought a new software model, based on distributed processing mode, can transfer software and data over the network to the client, so that the client has the necessary software to browse and manipulate the data transmitted over the network, The Java architecture supports the cutting of a single execution file into a small binary bytecode file class file that can be dynamically connected and dynamically expanded according to the needs of the application. The Java architecture supports security primarily through the Java language itself, the virtual machine ClassLoader and security Manager, and the security APIs provided by Java: Preventing malicious programs from attacking, programs not destroying users ' computer environments, preventing intrusions, The program cannot obtain the confidential information of the host or intranet, authenticate, verify the identity of the provider and the user, encrypt, encrypt the transmitted data, or encrypt the persisted data, validate, set the rules for the operation and verify.
The need for Java information security
With the wide application of Internet and the unique resource sharing of Internet, it is very important for users to get information and process information in time according to user's demand, which is the reason that Java can develop rapidly and widely accepted. But at the same time the network also provides a potential access to the computer, especially when users download the network software running locally, which requires Java to be able to the problem of virus/Trojan prevention, information and local environment protection. For example, when we browse a Web page, the applet on the Web page may be downloaded and run automatically, and the applet is entirely likely to come from a unreliable location, or we can use an unreliable service object found on the network through the Jini service to get the service, Without the security mechanisms provided by the Java architecture, this is likely to introduce a hostile program that causes unknown consequences such as loss of information, disclosure of information, belief in the falsification of data and the modification of local computer security settings, and so on.
Java language itself security
Java language designers are designed on the basis of C + + Java, so compared to C + + its syntax is more simple and clear, structure, unit, operator overload, virtual base class, etc. in Java, and eliminate multiple inheritance in the way of implementing multiple interfaces. This reduces the chances of developers making mistakes and helps them write more secure code.
Java in addition to the C + + language of the puzzling, error-prone "pointers", with lists, heaps, hash tables and other structures to replace, to avoid any unsafe structure. Java also has no indexed-check array access, as this often leads to erratic, unpredictable program operations, and all of its array accesses must first check for bounds. Java requires that all variables not be used before initialization, and that the basic data type variables are automatically assigned to an initial value, avoiding uninitialized variables acquiring memory information. All of this makes it impossible for the program to access any memory address, and the entity information in memory can only be accessed through the privileged object, without the phenomenon of C + + forcing the type pointer into a pointer to memory, and then finding the private variable through the method of memory lookup.
Java allocates memory is transparent to developers, and developers use the new method to create new objects, at which point the virtual machine finds the right memory space from the heap memory, and the developer does not need or can intervene. For memory recycling, Java avoids the developer's explicit intervention object recovery, such as C's free or C + + DELETE commands, to avoid the developer inadvertently memory damage. Java uses the virtual machine's "garbage collection" mechanism to achieve automatic memory management, frees up memory resources that are no longer in use, the memory collector is like a garbage collector, but the collection car we see on the street collects only the rubbish that we put in the trash. It will also go to your home to help you find those things are not used garbage, and then take these things away, and finally to tidy up the home space, freeing up the largest space for you to put new things. The purpose of the Java memory Collector is to find objects that are no longer referenced, free up memory space, and need to defragment the memory so as to avoid "out-of-memory" situations.
For serialized objects exchanged on the network, it is easy to access the object's private information when the object is rebuilt, when Java provides two ways to protect the information, one is to use the method of adding the transient keyword to the variable, so that when the object is serialized, it will not read and write the variable. The other is to implement the Externalizable interface rather than the Serizlizable interface, so that objects can only be saved and rebuilt through the writeexternal and Readexternal methods, and other methods cannot be performed.
These are the basics that the Java language itself provides for information security.