Sign In

Communications of the ACM

ACM TechNews

Computer Scientist Ross Tate Working to Tame Java 'wildcards'

View as: Print Mobile App Share:
The Java logo.

A Cornell University professor who uncovered long-standing security issues in the Java programming language is working with a team at Oracle to correct them.

Credit: Oracle Corporation

Cornell University professor Ross Tate has discovered that the Java programming language, designed to be safe, is actually quite insecure.

Tate has suggested solutions and is working with a team at Oracle on revisions to the language.

Java enforces security by requiring that all variables have a "type." For example, a variable labeled "string" must contain text, and not a number or anything else. Without these "types," a malicious program could turn a piece of text into an address in computer memory to bypass Java's security system and manipulate the host computer.

"What is scary is that this bug has been sitting there for 12 years," Tate says.

In 2004, Java introduced "wildcard" types, which when combined with the already-present "null" types, could fabricate impossible and deceptive types. These wildcards made it possible to bypass Java's existing safeguards.

"The challenge is to fix this and not break what other people have done," Tate says.

From Cornell Chronicle
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account