Date Added: Jan 2010
This paper considers the problem of securely supporting mobile code on real-world systems. Unlike traditional operating systems, Web browsers must rely on software mechanisms for basic memory safety, both for portability and performance. Currently, there is no standard for constructing secure services above basic memory safety primitives. This paper explain three different strategies and their implementations in Java: several vendors have built capability systems, Netscape and Microsoft have extensions to Java's stack introspection, and the authors designed an add-on to Microsoft Internet Explorer which hides or replaces Java classes. This paper analyzes these systems in terms of established security criteria and concludes with a discussion of appropriate environments in which to deploy each strategy.