HackerTrans
热门最新趋势评论往期问答秀出招聘

nknize

no profile record

提交

JGuard v0.4.0 – Capability-based security for the JVM (post-SecurityManager)

github.com
3 分·作者 nknize·2个月前·1 评论

A capability-based alternative to Java's SecurityManager (JDK 21+)

github.com
2 分·作者 nknize·6个月前·2 评论

评论

nknize
·2个月前·讨论
[flagged]
nknize
·6个月前·讨论
Hi, author here.

jGuard is a capability-based security framework for the JVM (JDK 21+) designed for running untrusted or semi-trusted code after the removal of the Java SecurityManager.

Policies are declared using a module-style descriptor inspired by module-info.java, and enforcement happens at the JDK operation level (filesystem, network, threads, native loads).

Happy to answer questions about the threat model, design tradeoffs, or how this compares to the legacy SecurityManager.