<< Previous <<         [Session1 Index]            >> Next >>

Java Implementation

Earlier, we stated that we would treat all object references in Java as capabilities. It is legitimate to think of simple references in Java as capabilities because the byte-code verifier in Java ensures that the object reference cannot be subverted to gain access to elements in the referenced object that were not intentionally exposed. Java is not a complete language from a capability-based security point of view (we have already seen one example of its weaknesses, and there are others), but this fundamental level of leak-free behavior makes it possible to think of making Java secure, unlike the majority of languages that predated it.