Department of Computer Science
CS 201J: Engineering Software
National Science Foundation
|
CS201J: Engineering Software, Fall 2002
|
Notes: Thursday 14 November 2002
Schedule
- Tuesday, 19 November: Exam 2 Due before 4:30pm at Brenda Perkins' office.
- There will be no class on Tuesday 19 November or Thursday 21 November.
Notes How well does Java satisfy Sun's marketing claims?
A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multithreaded, and dynamic language.What does it mean for a programming language to be safe?
How does the Java programming language satisfy low-level code safety properties:How well does the Java VM language (byte codes) satisfy low-level code safety properties:
- Type Safety
- Memory Safety
- Control Flow Safety
What safety properties can and cannot be enforced by the Java byte code verifier?
- Type Safety
- Memory Safety
- Control Flow Safety
What kinds of properties can be enforced by reference monitors?
What are the vulnerabilities in the Java security approach?
Links If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet --- he's going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might to permanent damage to your computer, steal your life's savings, and impair your ability to have children," he'll click "OK" without even reading it. Thirty seconds later he won't even remember that the warning screen even existed.
- Some Hostile Java Applets
- Java Security Web Site (Gary McGraw and Ed Felten)
- Sun's Java Security [Applet Security FAQ] [Security Bug Chronology]
Bruce Schneier, Secrets and Lies, 2000.
|
|
University of Virginia Department of Computer Science CS 201J: Engineering Software |
|
Sponsored by the National Science Foundation |
cs201j-staff@cs.virginia.edu |