Colloquium Speaker

Speaker:Gary McGraw
Reliable Software Technologies
Topic:Java Security Architecture
Date:Monday, November 9 1998
Time:3:30 PM
Place:Gould-Simpson, Room 701

Refreshments will be served in the 7th-floor lobby of Gould-Simpson at 3:15 PM


Software is becoming ubiquitous. But as software is starting to do more and more important things, systems are becoming ever more complicated and harder to understand. This tension needs to be addressed, especially since software is beginning to control our cars and our checkbooks. That means software had better do what it is supposed to do. Software assurance, including solid software engineering design and risk-based testing, can help. This talk uses Java as a case study of security architecture design. It covers both what works in the Java security architecture and what doesn't. The talk discusses both the base sandbox model from JDK 1.0.2 and the code-signing architecture of JDK 1.2.


Gary McGraw is Vice President of Business Development at Reliable Software Technologies. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from the University of Virginia. Dr. McGraw co-authored "Java Security: Hostile Applets, Holes, & Antidotes" (John Wiley & Sons, 1997), with Prof. Ed Felten of Princeton University. They are currently writing a second book, "Securing Java: Getting down to business with mobile code", available in late 1998. Along with RST's Dr. Jeff Voas, McGraw also wrote "Software Fault Injection: Inoculating Programs Against Errors" (Wiley, 1998).