JVM runs untrusted code

• The system must distinguish between

  • calls coming from untrusted code
  • calls coming from the VM application itself

• Runtime protects OS calls by controlling all entry points

  • only VM can make system calls
  • all other code calls through VM which has access control provisions

Previous slide

Next slide

Back to first slide

View graphic version