
Communications of the ACM

ACM TechNews

Computer Scientist Ross Tate Working to Tame Java 'wildcards'



A Cornell University professor who uncovered long-standing security issues in the Java programming language is working with a team at Oracle to correct them.

Credit: Oracle Corporation

Cornell University professor Ross Tate has discovered that the Java programming language, designed to be safe, is actually quite insecure.

Tate has suggested solutions and is working with a team at Oracle on revisions to the language.

Java enforces security by requiring that all variables have a "type." For example, a variable labeled "string" must contain text, and not a number or anything else. Without these "types," a malicious program could turn a piece of text into an address in computer memory to bypass Java's security system and manipulate the host computer.

"What is scary is that this bug has been sitting there for 12 years," Tate says.

In 2004, Java introduced "wildcard" types, which, when combined with the already-present "null" types, could fabricate impossible and deceptive types. These wildcards made it possible to bypass Java's existing safeguards.

"The challenge is to fix this and not break what other people have done," Tate says.

From Cornell Chronicle

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 
