Controlling applets' behavior in a browser

Abstract

We discuss methods of protecting Java enabled Web browsers against malicious applets. Malicious applets involve denial of service, invasion of privacy and annoyance. Since system modification by applets is generally impossible because of the Java security concept, denial of service is of major concern. Invasion of privacy may be caused by applets staying resident in the browser and collecting information about a user. Annoyance may, for example, be caused by advertisement applets that constantly appear on a Web site frequently visited by the user. A general solution to confront such attacks is to have some mechanism within the browser to monitor applets' activities. This mechanism should enable manual or automatic stopping of malicious applets. To illustrate it we present a special applet, called AppletGuard, that allows the user to observe and control the applets in the browser and, based on an applet's properties, stop or suspend the applet, or just warn the user that something dangerous might be going on.