December 18, 2014
Hot Topics:

Building Secure Software with Java

  • February 3, 2010
  • By Developer.com Staff
  • Send Email »
  • More Articles »

An Aonix white paper describes several security advantages of Java over C/C++, and outlines critical considerations for development and certification of Java software systems.

Advantages include:

  • Java eliminates many of the mechanisms exploited in common virus and Trojan horse attacks: unsafe type coercions, address arithmetic, dangling pointers, null-pointer dereferencing, array subscript out-of-bounds errors, and stack overflow.
  • Existing Java software capabilities are easier to port and repurpose than C/C++. According to Aonix, "...when existing software capabilities need to be ported and integrated within a secure computing environment, Java software integrators are five to ten times more productive than developers using the C or C++ languages."
  • Because there are fewer opportunities for aliasing in Java, it's easier to use static analysis tools to assist with the data flow analysis required for security audits.

Best practices for secure Java software development include:

  • Restrict the use of Java's reflection services, dynamic class loading, native code, and certain standard and third-party libraries.
  • Be sure you understand the security characteristics of any standard libraries or third-party middleware used in the application.
  • Use declarations to restrict the visibility of particular methods and fields.
  • Use annotations or other meta-data to describe security levels of all inputs, outputs, and states.
  • Use static analysis tools and perform managed code reviews.
  • Use Multiple Independent Levels of Security (MILS) partitioned kernels to enforce the isolation of independent software modules.





Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Sitemap | Contact Us

Rocket Fuel