Scenarios

Given the analysis of the access controls to resources, it is interesting to see how effective Java could be against the various scenarios mentioned in Section 2.2.

• Integrity Attacks - Each of the mentioned integrity attacks can easily be prevented by the access control capabilities. The malicious modification of files, memory, and threads can be prevented.

• Availability Attacks - The availability attacks are much harder to prevent. As was previously mentioned, there is no current limitation to prevent the allocation of all the memory available to Java or the creation of thousands of windows. Java does have the ability to place some control on the creation of high priority threads.

• Disclosure Attacks - Each of the mentioned disclosure attacks can easily be prevented by the access control capabilities. Java provides mechanisms that both prevent an Applet from accessing sensitive information, as well as preventing the creation of channels to deliver data. Since either one of these would be sufficient to stop disclosure attacks, the combination is sufficient.

• Annoyance Attacks - Since graphics and audio are currently impossible to screen based on content, annoyance attacks cannot be prevented without taking the extreme position that no downloaded data will be shown or heard. Java provides this particular alternative (don't use it to download anything), but does not provide anything more flexible.

The given analysis shows that Java is effective at preventing the more dangerous types of attacks. It should be noted that the annoyance attacks which were mentioned are just as applicable to current Web browsers which do not use Java. The problem of denial of service attacks is also fairly difficult to prevent entirely. One can imagine a security policy that prevents the creation of more than 10 windows, or prevents the use of more than 100Kbytes of memory, but these types of restrictions seem arbitrary. Instead, it would be desirable to have Web browsers that allowed the user to explicitly kill an Applet and all of the resources that it is using. Hopefully such a mechanism will be implemented.