HackerTrans
トップ新着トレンドコメント過去質問紹介求人

nknize

no profile record

投稿

JGuard v0.4.0 – Capability-based security for the JVM (post-SecurityManager)

github.com
3 ポイント·投稿者 nknize·2 か月前·1 コメント

A capability-based alternative to Java's SecurityManager (JDK 21+)

github.com
2 ポイント·投稿者 nknize·6 か月前·2 コメント

コメント

nknize
·2 か月前·議論
[flagged]
nknize
·6 か月前·議論
Hi, author here.

jGuard is a capability-based security framework for the JVM (JDK 21+) designed for running untrusted or semi-trusted code after the removal of the Java SecurityManager.

Policies are declared using a module-style descriptor inspired by module-info.java, and enforcement happens at the JDK operation level (filesystem, network, threads, native loads).

Happy to answer questions about the threat model, design tradeoffs, or how this compares to the legacy SecurityManager.