Building Secure Software with Java
- Java eliminates many of the mechanisms exploited in common virus and Trojan horse attacks: unsafe type coercions, address arithmetic, dangling pointers, null-pointer dereferencing, array subscript out-of-bounds errors, and stack overflow.
- Existing Java software capabilities are easier to port and repurpose than C/C++. According to Aonix, "...when existing software capabilities need to be ported and integrated within a secure computing environment, Java software integrators are five to ten times more productive than developers using the C or C++ languages."
- Because there are fewer opportunities for aliasing in Java, it's easier to use static analysis tools to assist with the data flow analysis required for security audits.
Best practices for secure Java software development include:
- Restrict the use of Java's reflection services, dynamic class loading, native code, and certain standard and third-party libraries.
- Be sure you understand the security characteristics of any standard libraries or third-party middleware used in the application.
- Use declarations to restrict the visibility of particular methods and fields.
- Use annotations or other meta-data to describe security levels of all inputs, outputs, and states.
- Use static analysis tools and perform managed code reviews.
- Use Multiple Independent Levels of Security (MILS) partitioned kernels to enforce the isolation of independent software modules.