Good point! The Web Application Servers use case also seems to have been the impetus behind JSR 121: Application Isolation API Specification (https://jcp.org/en/jsr/detail?id=121). Mark, note the dates on this spec. Specification started in 2001 and ended in 2006.

Security Explorations released a report last year on GAE with some decent discussion of the architecture: http://www.security-explorations.com/materials/se-2014-02-report.pdf. Most of the serious vulnerabilities are in class loaders.

Bernd, I'll send you a copy of the paper shortly.

Michael

On 05/26/2015 04:40 PM, Bernd Eckenfels wrote:
Hello,

partial quote as I want to add to a point:

On Tue, 26 May 2015 16:19:59 -0400,
Michael Maass <mma...@andrew.cmu.edu> wrote:

3. Common security reasons to use the sandbox: (a) using a third
party library that isn't fully trusted (convenience often trumps
security) and (b) frameworks loading third party plugins.
From looking at CVEs it looks like the only other common reason not
mentioned here is multi tenancy for Web Application Servers (i.e.
separate WAR deployments).

And I am quite sure by now (i.e. containers and other PaaS technologies)
nobody considers that anymore. So the biggest user might as well be
Google App Engine (not sure how far their special platform relies on
the security manager).

Regards
Bernd

PS: Michael I would be interested in your paper for my personal
education.
