<< Previous <<
[Session1 Index]
>> Next >>
Java Implementation
Earlier, we stated that we would treat all object
references in Java as capabilities. It is legitimate to think of simple
references in Java as capabilities because the byte-code verifier in Java
ensures that the object reference cannot be subverted to gain access to elements
in the referenced object that were not intentionally exposed. Java is not
a complete language from a capability-based security point of view (we have
already seen one example of its weaknesses, and
there are others), but this fundamental level of leak-free behavior makes
it possible to think of making Java secure, unlike the majority of languages
that predated it.