Rule-based filtering for Java applets

Abstract

Java has been designed with a sophisticated security model that prevents applets downloaded from an untrusted network to attack the local system. However, malicious applets could exploit bugs in the virtual machine in order to gain access to system resources to perform unauthorized operations. The paper discusses the problem of intercepting such applets through a set of filtering rules that can be applied before a fixed version of the virtual machine is released. Moreover, we present an implementation of a filtering tool that can be used either as a firewall extension or as a virtual machine extension.