Java Language Features for Security

• Security through being published
• source code for Java interpreter and compiler are available for inspection
• Security through being well defined
• All primitive types are guaranteed to be of specific size
• All operations are defined to be performed in a specific order
• Two correct java compilers never give different results
• Security through lack of pointer arithmetic
• pointers cannot be forged
• all references to methods and instance variables are through symbolic names
• Security through garbage collection
• Security through strict compile time checking
• strong typing
• Objects cannot be cast to a subclass without a runtime check
• All references are checked if they are of the correct type
• compiler checks"security barriers" (referencing of a private variable from another class)
• Integers and objects are not interconvertible