Cornell University professor Ross Tate has discovered that the Java programming language, designed to be safe, is actually quite insecure.
Tate has suggested solutions and is working with a team at Oracle on revisions to the language.
Java enforces security by requiring that all variables have a "type." For example, a variable labeled "string" must contain text, and not a number or anything else. Without these "types," a malicious program could turn a piece of text into an address in computer memory to bypass Java's security system and manipulate the host computer.
"What is scary is that this bug has been sitting there for 12 years," Tate says.
In 2004, Java introduced "wildcard" types, which, when combined with the already-present "null" types, could fabricate impossible and deceptive types. These wildcards made it possible to bypass Java's existing safeguards.
"The challenge is to fix this and not break what other people have done," Tate says.
From Cornell Chronicle
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA