Java Security Architecture
Security has been an integral part of Java technology. Security is an evolving design goal of the Java community—building and running secure and robust Java-based network applications. The primary reason for Java’s success today as a secure execution environment is the intrinsic security of its architectural foundation—the Java Virtual Machine (JVM) and the Java language.
This foundation achieves the basic Java security goal and its definitive ways for extending security capabilities to ensure features such as confidentiality, integrity, trust, and so forth. A second reason for its success is its ability to deliver an interoperable and platform-neutral security infrastructure that can be integrated with the security of the underlying operating system and services.
Most of the work of a Java security architect is targeted at application programmers, and Java is no exception. Here the design goal is to help programmers get what is intended out of their code—more specifically, to make the most common cases the easiest to write and get right, and to reduce the risk of coding mistakes or bugs.
There are four attributes of Java security architecture to apply:
To be present and accepted in the marketplace, the architecture must be easy to use and suitable for writing a wide variety of applications.
To inspire confidence in the correctness of the architecture, it must be easy to understand the critical design properties and to analyze the implementation.
The architecture must contain all essential features and building blocks for supporting higher-level security requirements.
The design must evolve with ease, following demand and market reality. In particular, it should avoid over prescribing that restricts programmability.
To facilitate end-to-end security of the Java platform-based application solutions, the Java runtime environment (JRE) and the Java language provide a solid security foundation from the ground up by imposing strong format and structural constraints on the code and its execution environment. This distinguishes the Java platform from other application programming languages—it has a well-defined security architectural model for programming Java-based solutions and their secure execution.