Security '98 Symposium

M4PM   Towards Secure Executable Content: Java Security  NEW!
Gary McGraw, Reliable Software Technologies

Who should attend: Programmers, webmasters, and network administrators interested in how Java security is implemented, and how the benefits of Java compare with its risks.

Executable content systems like Java, ActiveX, and Postscript have become a normal part of surfing the Web. These systems are often integrated so seamlessly into browsers that users are unaware that they are doing anything extraordinary. This means many users do not recognize the extra security risks they are taking on by using such systems.

Java is especially cool since it is cross-platform, object oriented, network-savvy, and uses modern memory management. In addition, Java's designers have attempted to create a system that simultaneously ensures type safety and allows dynamic class loading. Type safety plays an essential role in Java's security approach.

Java clearly has exciting benefits, but with these benefits come new risks. It is critical that Java perform in a secure fashion - something that its designers tried to ensure. How did they do it? How successful were they? Do the benefits of Java outweigh the risks?

This tutorial covers the three prongs of the fundamental Java security model, discusses some of Java's most famous flaws, covers the impact of code-signing on the Java sandbox, and talks about what to expect in the future from executable content systems in terms of security.

Gary McGraw is a research scientist with a dual PhD in Cognitive Science and Computer Science. He recently completed Java Security: Hostile Applets, Holes, & Antidotes and Software Fault Injection: Inoculating Programs Against Errors. Dr. McGraw has published his research in over forty technical publications. He is principal investigator on grants from the National Science Foundation, Rome Labs, and the Defense Advanced Research Projects Agency (DARPA).
