Eliminating the security overhead when not running with a security manager

Alan Bateman Alan.Bateman at oracle.com
Tue Nov 21 11:41:30 UTC 2017


On 21/11/2017 00:48, David Lloyd wrote:
> One thing that springs to mind.  Some allowance would have to be made
> for domain combiners and JAAS Subject propagation: this mechanism also
> uses access control contexts, to its own great detriment.
Are you thinking about usages where there is no security manager but 
AccessController.checkPermission is still used to check permissions?


> :
>
> Anyway I never got a chance to prototype this, but it might be a fun
> option worth exploring.  I found the idea of moving this stuff all to
> user space to be very appealing (due in no small part to the idea that
> it could potentially be examined and analyzed by a much larger
> audience, being Java code). It also hints at the possibility of a
> fully "user space" replacement of the security manager concept (much
> of the remaining cost lives in the structure of AccessControlContext,
> which is based on an array of ProtectionDomain objects; this is
> definitely non-ideal and could possibly be hidden behind a smarter
> abstraction).
In terms of performance the main interest here is the "no security 
manager" case. If you have prototypes that moving the stack walking and 
help the security manager case then I expect the folks here will be 
interested.

-Alan



More information about the security-dev mailing list