I recently learned about the Java security model. Most people think that Java is safe because it is immune to buffer overflows, etc., but there is this whole Java security model centered around checking whether the code has permission to take certain actions. They are really solving a difficult problem: how to allow arbitrary unreliable code to run (say, in a web browser) without allowing malicious access to the base system, while maintaining the ability to interact with the system in some way.
Sandboxing C++ or something like that would be very difficult to even try, because the language dictates that you can do pointer arithmetic, etc., allowing malicious code to distort other parts of the process. Since there are many languages with memory support, I was curious what other languages have complex security models and how they compare to Java.
I don’t know how many languages you need to have concepts such as a sandbox, etc. I am looking for some pointers to learn about this interesting area of computer security.