Security in the large: is Java's sandbox scalable?

Abstract

Using Java security as an example, this paper tries to draw attention to the various issues of security in large scale distributed systems, some of which are often ignored when the security mechanisms are designed. Even though a lot of work has been done on Java security, we argue in this paper that due to weaknesses inherent in the Java approach to building sandboxes, Java security is not suitable when applied to large-scale distributed systems. In addition, the paper also explains the impact of these issues on the security mechanisms and introduces some of our efforts to find the security mechanisms that address the issues of building large scale secure systems.