The security in java is implemented at four different levels.
1) Language and the compiler – The language and the compiler acts as the first level security.
• Java program has no direct access to memory.
• No arbitrary type casting.
• Strongly typed language.
2) Byte code verifier – The byte code verifier acts as the second level of security. It ensures or checks whether the byte code coming is coming from a worthy compiler or not. It ensures that the code sticks to java standard and does not violate system integrity. The byte code verifier checks that the code does not have
• Forged pointers
• Access restriction violations
• Object mismatching
• Operand stack over or under flows
• Incorrect byte code parameters
• Illegal data conversions
3) Class loader– The class loader acts as the next level of security. The class loader loads all the classes needed for the execution of a program. The class loader allocates memory spaces for each class and ensures that code does not attempt to by pass the built in class. In other words programmers cannot write their own version of an existing built in class and have it executed instead of the default one. The built in classes are always checked first.
4) Sandbox – This is the next level of security. This is applied to applications which are remotely added. This is also known as sandbox model. The first three levels of security are hidden from the user and the java developers while the fourth level is not.