HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nknize

no profile record

Submissions

JGuard v0.4.0 – Capability-based security for the JVM (post-SecurityManager)

github.com
3 points·by nknize·2 個月前·1 comments

A capability-based alternative to Java's SecurityManager (JDK 21+)

github.com
2 points·by nknize·6 個月前·2 comments

comments

nknize
·2 個月前·discuss
[flagged]
nknize
·6 個月前·discuss
Hi, author here.

jGuard is a capability-based security framework for the JVM (JDK 21+) designed for running untrusted or semi-trusted code after the removal of the Java SecurityManager.

Policies are declared using a module-style descriptor inspired by module-info.java, and enforcement happens at the JDK operation level (filesystem, network, threads, native loads).

Happy to answer questions about the threat model, design tradeoffs, or how this compares to the legacy SecurityManager.