Capabilities for Java: Secure Access to Resources

• Published in: Programming Languages and Systems Vol. 10695; pp. 67 - 84
• Main Authors: Hayes, Ian J., Wu, Xi, Meinicke, Larissa A.
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2017; Springer International Publishing
• Series: Lecture Notes in Computer Science
• ISBN: 3319712365; 9783319712369
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-71237-6_4

This paper explores adding capabilities to Java with the objective of tightening security management for access to resources both within the Java Class Library and Java applications. Code can only access resources if it is given explicit capabilities, allowing replacement of the use of doPrivileged blocks. Capabilities provide restricted access to their implementing object – like an interface – but when a capability is created, it has a more restrictive dynamic type than its implementing object, and hence access to the full facilities of the implementing object (e.g. via down casting) are precluded. We used the Annotation Processing Tool to track the declaration and use of capabilities.