Java 2 Security Model

The release of J2SE [J2SE] introduced a number of significant enhancements to JDK 1.1 and added such features as security extensions providing cryptographic services, digital certificate management, PKI management, and related tools. Some of the major changes in the Java 2 security architecture are as follows:

• Policy-driven restricted access control to JVM resources.
• Rules-based class loading and verification of byte code.
• System for signing code and assigning levels of capability.
• Policy-driven access to Java applets downloaded by a Web browser.

In the Java 2 security architecture, all code—regardless of whether it is run locally or downloaded remotely—can be subjected to a security policy configured by a JVM user or administrator. All code is configured to use a particular domain (equivalent to a sandbox) and a security policy that dictates whether the code can be run on a particular domain or not.