%!PS-Adobe-3.0
%%BoundingBox: (atend)
%%Pages: (atend)
%%PageOrder: (atend)
%%DocumentFonts: (atend)
%%Creator: Frame 5.0
%%DocumentData: Clean7Bit
%%EndComments
%%BeginProlog
%
% Frame ps_prolog 5.0, for use with Frame 5.0 products
% This ps_prolog file is Copyright (c) 1986-1995 Frame Technology
% Corporation. All rights reserved. This ps_prolog file may be
% freely copied and distributed in conjunction with documents created
% using FrameMaker, FrameMaker/SGML and FrameViewer as long as this
% copyright notice is preserved.
%
% FrameMaker users specify the proper paper size for each print job in the
% "Print" dialog's "Printer Paper Size" "Width" and "Height" fields. If the
% printer that the PS file is sent to does not support the requested paper
% size, or if there is no paper tray of the proper size currently installed,
% then the job will not be printed. The following flag, if set to true, will
% cause the job to print on the default paper in such cases.
/FMAllowPaperSizeMismatch false def
%
% Frame products normally print colors as their true color on a color printer
% or as shades of gray, based on luminance, on a black-and-white printer. The
% following flag, if set to true, forces all non-white colors to print as pure
% black. This has no effect on bitmap images.
/FMPrintAllColorsAsBlack false def
%
% Frame products can either set their own line screens or use a printer's
% default settings. Three flags below control this separately for no
% separations, spot separations and process separations. If a flag
% is true, then the default printer settings will not be changed. If it is
% false, Frame products will use their own settings from a table based on
% the printer's resolution.
/FMUseDefaultNoSeparationScreen true def
/FMUseDefaultSpotSeparationScreen true def
/FMUseDefaultProcessSeparationScreen false def
%
% For any given PostScript printer resolution, Frame products have two sets of
% screen angles and frequencies for printing process separations, which are
% recommended by Adobe. The following variable chooses the higher frequencies
% when set to true or the lower frequencies when set to false. This is only
% effective if the appropriate FMUseDefault...SeparationScreen flag is false.
/FMUseHighFrequencyScreens true def
%
% The following is a set of predefined optimal frequencies and angles for various
% common dpi settings. This is taken from "Advances in Color Separation Using
% PostScript Software Technology," from Adobe Systems (3/13/89 P.N. LPS 0043)
% and correlated with information which is in various PPD (4.0) files.
%
% The "dpiranges" figure is the minimum dots per inch device resolution which
% can support this setting. The "low" and "high" values are controlled by the
% setting of the FMUseHighFrequencyScreens flag above. The "TDot" flags control
% the use of the "Yellow Triple Dot" feature whereby the frequency is divided by
% three, but the dot function is "tripled" giving a block of 3x3 dots per cell.
%
% PatFreq is a compromise pattern frequency for ps Level 2 printers which is close
% to the ideal WYSIWYG pattern frequency of 9 repetitions/inch but does not beat
% (too badly) against the screen frequencies of any separations for that DPI.
/dpiranges [ 2540 2400 1693 1270 1200 635 600 0 ] def
/CMLowFreqs [ 100.402 94.8683 89.2289 100.402 94.8683 66.9349 63.2456 47.4342 ] def
/YLowFreqs [ 95.25 90.0 84.65 95.25 90.0 70.5556 66.6667 50.0 ] def
/KLowFreqs [ 89.8026 84.8528 79.8088 89.8026 84.8528 74.8355 70.7107 53.033 ] def
/CLowAngles [ 71.5651 71.5651 71.5651 71.5651 71.5651 71.5651 71.5651 71.5651 ] def
/MLowAngles [ 18.4349 18.4349 18.4349 18.4349 18.4349 18.4349 18.4349 18.4349 ] def
/YLowTDot [ true true false true true false false false ] def
/CMHighFreqs [ 133.87 126.491 133.843 108.503 102.523 100.402 94.8683 63.2456 ] def
/YHighFreqs [ 127.0 120.0 126.975 115.455 109.091 95.25 90.0 60.0 ] def
/KHighFreqs [ 119.737 113.137 119.713 128.289 121.218 89.8026 84.8528 63.6395 ] def
/CHighAngles [ 71.5651 71.5651 71.5651 70.0169 70.0169 71.5651 71.5651 71.5651 ] def
/MHighAngles [ 18.4349 18.4349 18.4349 19.9831 19.9831 18.4349 18.4349 18.4349 ] def
/YHighTDot [ false false true false false true true false ] def
/PatFreq [ 10.5833 10.0 9.4055 10.5833 10.0 10.5833 10.0 9.375 ] def
%
% PostScript Level 2 printers contain an "Accurate Screens" feature which can
% improve process separation rendering at the expense of compute time. This
% flag is ignored by PostScript Level 1 printers.
/FMUseAcccurateScreens true def
%
% The following PostScript procedure defines the spot function that Frame
% products will use for process separations. You may un-comment-out one of
% the alternative functions below, or use your own.
%
% Dot function
/FMSpotFunction {abs exch abs 2 copy add 1 gt
    {1 sub dup mul exch 1 sub dup mul add 1 sub }
    {dup mul exch dup mul add 1 exch sub }ifelse } def
%
% Line function
% /FMSpotFunction { pop } def
%
% Ellipse function
% /FMSpotFunction { dup 5 mul 8 div mul exch dup mul exch add
%     sqrt 1 exch sub } def
%
%
/FMversion (5.0) def
/fMLevel1 /languagelevel where {pop languagelevel} {1} ifelse 2 lt def
/FMPColor
    fMLevel1 {
        false
        /colorimage where {pop pop true} if
    } {
        true
    } ifelse
def
/FrameDict 400 dict def
systemdict /errordict known not {/errordict 10 dict def
    errordict /rangecheck {stop} put} if
% The readline in PS 23.0 doesn't recognize cr's as nl's on AppleTalk
FrameDict /tmprangecheck errordict /rangecheck get put
errordict /rangecheck {FrameDict /bug true put} put
FrameDict /bug false put
mark
% Some PS machines read past the CR, so keep the following 3 lines together!
currentfile 5 string readline
00
0000000000
cleartomark
errordict /rangecheck FrameDict /tmprangecheck get put
FrameDict /bug get {
    /readline {
        /gstring exch def
        /gfile exch def
        /gindex 0 def
        {
            gfile read pop
            dup 10 eq {exit} if
            dup 13 eq {exit} if
            gstring exch gindex exch put
            /gindex gindex 1 add def
        } loop
        pop
        gstring 0 gindex getinterval true
    } bind def
} if
/FMshowpage /showpage load def
/FMquit /quit load def
/FMFAILURE {
    dup = flush
    FMshowpage
    /Helvetica findfont 12 scalefont setfont
    72 200 moveto show
    72 220 moveto show
    FMshowpage
    FMquit
} def
/FMVERSION {
    FMversion ne {
        (Frame product version does not match ps_prolog!
Check installation;) (also check ~/fminit and ./fminit for old versions) FMFAILURE } if } def /FMBADEPSF { (Adobe's PostScript Language Reference Manual, 2nd Edition, section H.2.4) (says your EPS file is not valid, as it calls X ) dup dup (X) search pop exch pop exch pop length 5 -1 roll putinterval FMFAILURE } def /fmConcatProcs { /proc2 exch cvlit def/proc1 exch cvlit def/newproc proc1 length proc2 length add array def newproc 0 proc1 putinterval newproc proc1 length proc2 putinterval newproc cvx }def FrameDict begin [ /ALDsave /FMdicttop /FMoptop /FMpointsize /FMsaveobject /b /bitmapsave /blut /bpside /bs /bstring /bwidth /c /cf /cs /cynu /depth /edown /fh /fillvals /fw /fx /fy /g /gfile /gindex /grnt /gryt /gstring /height /hh /i /im /indx /is /k /kk /landscape /lb /len /llx /lly /m /magu /manualfeed /n /offbits /onbits /organgle /orgbangle /orgbfreq /orgbproc /orgbxfer /orgfreq /orggangle /orggfreq /orggproc /orggxfer /orgmatrix /orgproc /orgrangle /orgrfreq /orgrproc /orgrxfer /orgxfer /pagesave /paperheight /papersizedict /paperwidth /pos /pwid /r /rad /redt /sl /str /tran /u /urx /ury /val /width /width /ws /ww /x /x1 /x2 /xindex /xpoint /xscale /xx /y /y1 /y2 /yelu /yindex /ypoint /yscale /yy ] { 0 def } forall /FmBD {bind def} bind def systemdict /pdfmark known { /fMAcrobat true def /FmPD /pdfmark load def /FmPT /show load def currentdistillerparams /CoreDistVersion get 2000 ge { /FmPD2 /pdfmark load def /FmPA { mark exch /Dest exch 5 3 roll /View [ /XYZ null 6 -2 roll FmDC exch pop null] /DEST FmPD }FmBD } { /FmPD2 /cleartomark load def /FmPA {pop pop pop}FmBD } ifelse } { /fMAcrobat false def /FmPD /cleartomark load def /FmPD2 /cleartomark load def /FmPT /pop load def /FmPA {pop pop pop}FmBD } ifelse /FmDC { transform fMDefaultMatrix itransform cvi exch cvi exch }FmBD /FmBx { dup 3 index lt {3 1 roll exch} if 1 index 4 index lt {4 -1 roll 3 1 roll exch 4 1 roll} if }FmBD /FMnone 0 def /FMcyan 1 def /FMmagenta 2 def /FMyellow 3 def /FMblack 4 def 
/FMcustom 5 def /fMNegative false def /FrameSepIs FMnone def /FrameSepBlack 0 def /FrameSepYellow 0 def /FrameSepMagenta 0 def /FrameSepCyan 0 def /FrameSepRed 1 def /FrameSepGreen 1 def /FrameSepBlue 1 def /FrameCurGray 1 def /FrameCurPat null def /FrameCurColors [ 0 0 0 1 0 0 0 ] def /FrameColorEpsilon .001 def /eqepsilon { sub dup 0 lt {neg} if FrameColorEpsilon le } bind def /FrameCmpColorsCMYK { 2 copy 0 get exch 0 get eqepsilon { 2 copy 1 get exch 1 get eqepsilon { 2 copy 2 get exch 2 get eqepsilon { 3 get exch 3 get eqepsilon } {pop pop false} ifelse }{pop pop false} ifelse } {pop pop false} ifelse } bind def /FrameCmpColorsRGB { 2 copy 4 get exch 0 get eqepsilon { 2 copy 5 get exch 1 get eqepsilon { 6 get exch 2 get eqepsilon }{pop pop false} ifelse } {pop pop false} ifelse } bind def /RGBtoCMYK { 1 exch sub 3 1 roll 1 exch sub 3 1 roll 1 exch sub 3 1 roll 3 copy 2 copy le { pop } { exch pop } ifelse 2 copy le { pop } { exch pop } ifelse dup dup dup 6 1 roll 4 1 roll 7 1 roll sub 6 1 roll sub 5 1 roll sub 4 1 roll } bind def /CMYKtoRGB { dup dup 4 -1 roll add 5 1 roll 3 -1 roll add 4 1 roll add 1 exch sub dup 0 lt {pop 0} if 3 1 roll 1 exch sub dup 0 lt {pop 0} if exch 1 exch sub dup 0 lt {pop 0} if exch } bind def /FrameSepInit { 1.0 RealSetgray } bind def /FrameSetSepColor { /FrameSepBlue exch def /FrameSepGreen exch def /FrameSepRed exch def /FrameSepBlack exch def /FrameSepYellow exch def /FrameSepMagenta exch def /FrameSepCyan exch def /FrameSepIs FMcustom def setCurrentScreen } bind def /FrameSetCyan { /FrameSepBlue 1.0 def /FrameSepGreen 1.0 def /FrameSepRed 0.0 def /FrameSepBlack 0.0 def /FrameSepYellow 0.0 def /FrameSepMagenta 0.0 def /FrameSepCyan 1.0 def /FrameSepIs FMcyan def setCurrentScreen } bind def /FrameSetMagenta { /FrameSepBlue 1.0 def /FrameSepGreen 0.0 def /FrameSepRed 1.0 def /FrameSepBlack 0.0 def /FrameSepYellow 0.0 def /FrameSepMagenta 1.0 def /FrameSepCyan 0.0 def /FrameSepIs FMmagenta def setCurrentScreen } bind def 
/FrameSetYellow { /FrameSepBlue 0.0 def /FrameSepGreen 1.0 def /FrameSepRed 1.0 def /FrameSepBlack 0.0 def /FrameSepYellow 1.0 def /FrameSepMagenta 0.0 def /FrameSepCyan 0.0 def /FrameSepIs FMyellow def setCurrentScreen } bind def /FrameSetBlack { /FrameSepBlue 0.0 def /FrameSepGreen 0.0 def /FrameSepRed 0.0 def /FrameSepBlack 1.0 def /FrameSepYellow 0.0 def /FrameSepMagenta 0.0 def /FrameSepCyan 0.0 def /FrameSepIs FMblack def setCurrentScreen } bind def /FrameNoSep { /FrameSepIs FMnone def setCurrentScreen } bind def /FrameSetSepColors { FrameDict begin [ exch 1 add 1 roll ] /FrameSepColors exch def end } bind def /FrameColorInSepListCMYK { FrameSepColors { exch dup 3 -1 roll FrameCmpColorsCMYK { pop true exit } if } forall dup true ne {pop false} if } bind def /FrameColorInSepListRGB { FrameSepColors { exch dup 3 -1 roll FrameCmpColorsRGB { pop true exit } if } forall dup true ne {pop false} if } bind def /RealSetgray /setgray load def /RealSetrgbcolor /setrgbcolor load def /RealSethsbcolor /sethsbcolor load def end /setgray { FrameDict begin FrameSepIs FMnone eq { RealSetgray } { FrameSepIs FMblack eq { RealSetgray } { FrameSepIs FMcustom eq FrameSepRed 0 eq and FrameSepGreen 0 eq and FrameSepBlue 0 eq and { RealSetgray } { 1 RealSetgray pop } ifelse } ifelse } ifelse end } bind def /setrgbcolor { FrameDict begin FrameSepIs FMnone eq { RealSetrgbcolor } { 3 copy [ 4 1 roll ] FrameColorInSepListRGB { FrameSepBlue eq exch FrameSepGreen eq and exch FrameSepRed eq and { 0 } { 1 } ifelse } { FMPColor { RealSetrgbcolor currentcmykcolor } { RGBtoCMYK } ifelse FrameSepIs FMblack eq {1.0 exch sub 4 1 roll pop pop pop} { FrameSepIs FMyellow eq {pop 1.0 exch sub 3 1 roll pop pop} { FrameSepIs FMmagenta eq {pop pop 1.0 exch sub exch pop } { FrameSepIs FMcyan eq {pop pop pop 1.0 exch sub } {pop pop pop pop 1} ifelse } ifelse } ifelse } ifelse } ifelse RealSetgray } ifelse end } bind def /sethsbcolor { FrameDict begin FrameSepIs FMnone eq { RealSethsbcolor } { 
RealSethsbcolor currentrgbcolor setrgbcolor } ifelse end } bind def FrameDict begin /setcmykcolor where { pop /RealSetcmykcolor /setcmykcolor load def } { /RealSetcmykcolor { 4 1 roll 3 { 3 index add 0 max 1 min 1 exch sub 3 1 roll} repeat RealSetrgbcolor pop } bind def } ifelse userdict /setcmykcolor { FrameDict begin FrameSepIs FMnone eq { RealSetcmykcolor } { 4 copy [ 5 1 roll ] FrameColorInSepListCMYK { FrameSepBlack eq exch FrameSepYellow eq and exch FrameSepMagenta eq and exch FrameSepCyan eq and { 0 } { 1 } ifelse } { FrameSepIs FMblack eq {1.0 exch sub 4 1 roll pop pop pop} { FrameSepIs FMyellow eq {pop 1.0 exch sub 3 1 roll pop pop} { FrameSepIs FMmagenta eq {pop pop 1.0 exch sub exch pop } { FrameSepIs FMcyan eq {pop pop pop 1.0 exch sub } {pop pop pop pop 1} ifelse } ifelse } ifelse } ifelse } ifelse RealSetgray } ifelse end } bind put fMLevel1 { /patScreenDict 7 dict dup begin <0f1e3c78f0e1c387> [ 45 { pop } {exch pop} .5 2 sqrt] FmBD <0f87c3e1f0783c1e> [ 135 { pop } {exch pop} .5 2 sqrt] FmBD [ 0 { pop } dup .5 2 ] FmBD [ 90 { pop } dup .5 2 ] FmBD <8142241818244281> [ 45 { 2 copy lt {exch} if pop} dup .75 2 sqrt] FmBD <03060c183060c081> [ 45 { pop } {exch pop} .875 2 sqrt] FmBD <8040201008040201> [ 135 { pop } {exch pop} .875 2 sqrt] FmBD end def } { /patProcDict 5 dict dup begin <0f1e3c78f0e1c387> { 3 setlinewidth -1 -1 moveto 9 9 lineto stroke 4 -4 moveto 12 4 lineto stroke -4 4 moveto 4 12 lineto stroke} bind def <0f87c3e1f0783c1e> { 3 setlinewidth -1 9 moveto 9 -1 lineto stroke -4 4 moveto 4 -4 lineto stroke 4 12 moveto 12 4 lineto stroke} bind def <8142241818244281> { 1 setlinewidth -1 9 moveto 9 -1 lineto stroke -1 -1 moveto 9 9 lineto stroke } bind def <03060c183060c081> { 1 setlinewidth -1 -1 moveto 9 9 lineto stroke 4 -4 moveto 12 4 lineto stroke -4 4 moveto 4 12 lineto stroke} bind def <8040201008040201> { 1 setlinewidth -1 9 moveto 9 -1 lineto stroke -4 4 moveto 4 -4 lineto stroke 4 12 moveto 12 4 lineto stroke} bind def end def /patDict 15 
dict dup begin /PatternType 1 def /PaintType 2 def /TilingType 3 def /BBox [ 0 0 8 8 ] def /XStep 8 def /YStep 8 def /PaintProc { begin patProcDict bstring known { patProcDict bstring get exec } { 8 8 true [1 0 0 -1 0 8] bstring imagemask } ifelse end } bind def end def } ifelse /combineColor { FrameSepIs FMnone eq { graymode fMLevel1 or not { [/Pattern [/DeviceCMYK]] setcolorspace FrameCurColors 0 4 getinterval aload pop FrameCurPat setcolor } { FrameCurColors 3 get 1.0 ge { FrameCurGray RealSetgray } { fMAcrobat not FMPColor graymode and and { 0 1 3 { FrameCurColors exch get 1 FrameCurGray sub mul } for RealSetcmykcolor } { 4 1 6 { FrameCurColors exch get graymode { 1 exch sub 1 FrameCurGray sub mul 1 exch sub } { 1.0 lt {FrameCurGray} {1} ifelse } ifelse } for RealSetrgbcolor } ifelse } ifelse } ifelse } { FrameCurColors 0 4 getinterval aload FrameColorInSepListCMYK { FrameSepBlack eq exch FrameSepYellow eq and exch FrameSepMagenta eq and exch FrameSepCyan eq and FrameSepIs FMcustom eq and { FrameCurGray } { 1 } ifelse } { FrameSepIs FMblack eq {FrameCurGray 1.0 exch sub mul 1.0 exch sub 4 1 roll pop pop pop} { FrameSepIs FMyellow eq {pop FrameCurGray 1.0 exch sub mul 1.0 exch sub 3 1 roll pop pop} { FrameSepIs FMmagenta eq {pop pop FrameCurGray 1.0 exch sub mul 1.0 exch sub exch pop } { FrameSepIs FMcyan eq {pop pop pop FrameCurGray 1.0 exch sub mul 1.0 exch sub } {pop pop pop pop 1} ifelse } ifelse } ifelse } ifelse } ifelse graymode fMLevel1 or not { [/Pattern [/DeviceGray]] setcolorspace FrameCurPat setcolor } { graymode not fMLevel1 and { dup 1 lt {pop FrameCurGray} if } if RealSetgray } ifelse } ifelse } bind def /savematrix { orgmatrix currentmatrix pop } bind def /restorematrix { orgmatrix setmatrix } bind def /fMDefaultMatrix matrix defaultmatrix def /fMatrix2 matrix def /dpi 72 0 fMDefaultMatrix dtransform dup mul exch dup mul add sqrt def /freq dpi dup 72 div round dup 0 eq {pop 1} if 8 mul div def /sangle 1 0 fMDefaultMatrix dtransform exch atan def 
sangle fMatrix2 rotate fMDefaultMatrix fMatrix2 concatmatrix dup 0 get /sflipx exch def 3 get /sflipy exch def /screenIndex { 0 1 dpiranges length 1 sub { dup dpiranges exch get 1 sub dpi le {exit} {pop} ifelse } for } bind def /getCyanScreen { FMUseHighFrequencyScreens { CHighAngles CMHighFreqs} {CLowAngles CMLowFreqs} ifelse screenIndex dup 3 1 roll get 3 1 roll get /FMSpotFunction load } bind def /getMagentaScreen { FMUseHighFrequencyScreens { MHighAngles CMHighFreqs } {MLowAngles CMLowFreqs} ifelse screenIndex dup 3 1 roll get 3 1 roll get /FMSpotFunction load } bind def /getYellowScreen { FMUseHighFrequencyScreens { YHighTDot YHighFreqs} { YLowTDot YLowFreqs } ifelse screenIndex dup 3 1 roll get 3 1 roll get { 3 div {2 { 1 add 2 div 3 mul dup floor sub 2 mul 1 sub exch} repeat FMSpotFunction } } {/FMSpotFunction load } ifelse 0.0 exch } bind def /getBlackScreen { FMUseHighFrequencyScreens { KHighFreqs } { KLowFreqs } ifelse screenIndex get 45.0 /FMSpotFunction load } bind def /getSpotScreen { getBlackScreen } bind def /getCompositeScreen { getBlackScreen } bind def /FMSetScreen fMLevel1 { /setscreen load }{ { 8 dict begin /HalftoneType 1 def /SpotFunction exch def /Angle exch def /Frequency exch def /AccurateScreens FMUseAcccurateScreens def currentdict end sethalftone } bind } ifelse def /setDefaultScreen { FMPColor { orgrxfer cvx orggxfer cvx orgbxfer cvx orgxfer cvx setcolortransfer } { orgxfer cvx settransfer } ifelse orgfreq organgle orgproc cvx setscreen } bind def /setCurrentScreen { FrameSepIs FMnone eq { FMUseDefaultNoSeparationScreen { setDefaultScreen } { getCompositeScreen FMSetScreen } ifelse } { FrameSepIs FMcustom eq { FMUseDefaultSpotSeparationScreen { setDefaultScreen } { getSpotScreen FMSetScreen } ifelse } { FMUseDefaultProcessSeparationScreen { setDefaultScreen } { FrameSepIs FMcyan eq { getCyanScreen FMSetScreen } { FrameSepIs FMmagenta eq { getMagentaScreen FMSetScreen } { FrameSepIs FMyellow eq { getYellowScreen FMSetScreen } { 
getBlackScreen FMSetScreen } ifelse } ifelse } ifelse } ifelse } ifelse } ifelse } bind def end /FMDOCUMENT { array /FMfonts exch def /#copies exch def FrameDict begin 0 ne /manualfeed exch def /paperheight exch def /paperwidth exch def 0 ne /fMNegative exch def 0 ne /edown exch def /yscale exch def /xscale exch def fMLevel1 { manualfeed {setmanualfeed} if /FMdicttop countdictstack 1 add def /FMoptop count def setpapername manualfeed {true} {papersize} ifelse {manualpapersize} {false} ifelse {desperatepapersize} {false} ifelse {papersizefailure} if count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for } {2 dict dup /PageSize [paperwidth paperheight] put manualfeed {dup /ManualFeed manualfeed put} if {setpagedevice} stopped {papersizefailure} if } ifelse FMPColor { currentcolorscreen cvlit /orgproc exch def /organgle exch def /orgfreq exch def cvlit /orgbproc exch def /orgbangle exch def /orgbfreq exch def cvlit /orggproc exch def /orggangle exch def /orggfreq exch def cvlit /orgrproc exch def /orgrangle exch def /orgrfreq exch def currentcolortransfer fMNegative { 1 1 4 { pop { 1 exch sub } fmConcatProcs 4 1 roll } for 4 copy setcolortransfer } if cvlit /orgxfer exch def cvlit /orgbxfer exch def cvlit /orggxfer exch def cvlit /orgrxfer exch def } { currentscreen cvlit /orgproc exch def /organgle exch def /orgfreq exch def currenttransfer fMNegative { { 1 exch sub } fmConcatProcs dup settransfer } if cvlit /orgxfer exch def } ifelse end } def /FMBEGINPAGE { FrameDict begin /pagesave save def 3.86 setmiterlimit /landscape exch 0 ne def landscape { 90 rotate 0 exch dup /pwid exch def neg translate pop }{ pop /pwid exch def } ifelse edown { [-1 0 0 1 pwid 0] concat } if 0 0 moveto paperwidth 0 lineto paperwidth paperheight lineto 0 paperheight lineto 0 0 lineto 1 setgray fill xscale yscale scale /orgmatrix matrix def gsave } def /FMENDPAGE { grestore pagesave restore end showpage } def /FMFONTDEFINE { FrameDict begin findfont ReEncode 1 index exch 
definefont FMfonts 3 1 roll put end } def /FMFILLS { FrameDict begin dup array /fillvals exch def dict /patCache exch def end } def /FMFILL { FrameDict begin fillvals 3 1 roll put end } def /FMNORMALIZEGRAPHICS { newpath 1 setlinewidth 0 setlinecap 0 0 0 sethsbcolor 0 setgray } bind def /FMBEGINEPSF { end /FMEPSF save def /showpage {} def % See Adobe's "PostScript Language Reference Manual, 2nd Edition", page 714. % "...the following operators MUST NOT be used in an EPS file:" (emphasis ours) /banddevice {(banddevice) FMBADEPSF} def /clear {(clear) FMBADEPSF} def /cleardictstack {(cleardictstack) FMBADEPSF} def /copypage {(copypage) FMBADEPSF} def /erasepage {(erasepage) FMBADEPSF} def /exitserver {(exitserver) FMBADEPSF} def /framedevice {(framedevice) FMBADEPSF} def /grestoreall {(grestoreall) FMBADEPSF} def /initclip {(initclip) FMBADEPSF} def /initgraphics {(initgraphics) FMBADEPSF} def /quit {(quit) FMBADEPSF} def /renderbands {(renderbands) FMBADEPSF} def /setglobal {(setglobal) FMBADEPSF} def /setpagedevice {(setpagedevice) FMBADEPSF} def /setshared {(setshared) FMBADEPSF} def /startjob {(startjob) FMBADEPSF} def /lettertray {(lettertray) FMBADEPSF} def /letter {(letter) FMBADEPSF} def /lettersmall {(lettersmall) FMBADEPSF} def /11x17tray {(11x17tray) FMBADEPSF} def /11x17 {(11x17) FMBADEPSF} def /ledgertray {(ledgertray) FMBADEPSF} def /ledger {(ledger) FMBADEPSF} def /legaltray {(legaltray) FMBADEPSF} def /legal {(legal) FMBADEPSF} def /statementtray {(statementtray) FMBADEPSF} def /statement {(statement) FMBADEPSF} def /executivetray {(executivetray) FMBADEPSF} def /executive {(executive) FMBADEPSF} def /a3tray {(a3tray) FMBADEPSF} def /a3 {(a3) FMBADEPSF} def /a4tray {(a4tray) FMBADEPSF} def /a4 {(a4) FMBADEPSF} def /a4small {(a4small) FMBADEPSF} def /b4tray {(b4tray) FMBADEPSF} def /b4 {(b4) FMBADEPSF} def /b5tray {(b5tray) FMBADEPSF} def /b5 {(b5) FMBADEPSF} def FMNORMALIZEGRAPHICS [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall fx fw 2 div add 
fy fh 2 div add translate rotate fw 2 div neg fh 2 div neg translate fw urx llx sub div fh ury lly sub div scale llx neg lly neg translate /FMdicttop countdictstack 1 add def /FMoptop count def } bind def /FMENDEPSF { count -1 FMoptop {pop pop} for countdictstack -1 FMdicttop {pop end} for FMEPSF restore FrameDict begin } bind def FrameDict begin /setmanualfeed { %%BeginFeature *ManualFeed True statusdict /manualfeed true put %%EndFeature } bind def /max {2 copy lt {exch} if pop} bind def /min {2 copy gt {exch} if pop} bind def /inch {72 mul} def /pagedimen { paperheight sub abs 16 lt exch paperwidth sub abs 16 lt and {/papername exch def} {pop} ifelse } bind def /setpapername { /papersizedict 14 dict def papersizedict begin /papername /unknown def /Letter 8.5 inch 11.0 inch pagedimen /LetterSmall 7.68 inch 10.16 inch pagedimen /Tabloid 11.0 inch 17.0 inch pagedimen /Ledger 17.0 inch 11.0 inch pagedimen /Legal 8.5 inch 14.0 inch pagedimen /Statement 5.5 inch 8.5 inch pagedimen /Executive 7.5 inch 10.0 inch pagedimen /A3 11.69 inch 16.5 inch pagedimen /A4 8.26 inch 11.69 inch pagedimen /A4Small 7.47 inch 10.85 inch pagedimen /B4 10.125 inch 14.33 inch pagedimen /B5 7.16 inch 10.125 inch pagedimen end } bind def /papersize { papersizedict begin /Letter {lettertray letter} def /LetterSmall {lettertray lettersmall} def /Tabloid {11x17tray 11x17} def /Ledger {ledgertray ledger} def /Legal {legaltray legal} def /Statement {statementtray statement} def /Executive {executivetray executive} def /A3 {a3tray a3} def /A4 {a4tray a4} def /A4Small {a4tray a4small} def /B4 {b4tray b4} def /B5 {b5tray b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end statusdict begin stopped end } bind def /manualpapersize { papersizedict begin /Letter {letter} def /LetterSmall {lettersmall} def /Tabloid {11x17} def /Ledger {ledger} def /Legal {legal} def /Statement {statement} def /Executive {executive} def /A3 {a3} def /A4 {a4} def /A4Small 
{a4small} def /B4 {b4} def /B5 {b5} def /unknown {unknown} def papersizedict dup papername known {papername} {/unknown} ifelse get end stopped } bind def /desperatepapersize { statusdict /setpageparams known { paperwidth paperheight 0 1 statusdict begin {setpageparams} stopped end } {true} ifelse } bind def /papersizefailure { FMAllowPaperSizeMismatch not { (The requested paper size is not available in any currently-installed tray) (Edit the PS file to "FMAllowPaperSizeMismatch true" to use default tray) FMFAILURE } if } def /DiacriticEncoding [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quotesingle /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute /Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis /atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis /iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex /udieresis /dagger /.notdef /cent /sterling /section /bullet /paragraph /germandbls /registered /copyright /trademark /acute /dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef /yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown /exclamdown 
/logicalnot /.notdef /florin /.notdef /.notdef /guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde /Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright /quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis /fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl /periodcentered /quotesinglbase /quotedblbase /perthousand /Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron ] def /ReEncode { dup length dict begin { 1 index /FID ne {def} {pop pop} ifelse } forall 0 eq {/Encoding DiacriticEncoding def} if currentdict end } bind def FMPColor { /BEGINBITMAPCOLOR { BITMAPCOLOR} def /BEGINBITMAPCOLORc { BITMAPCOLORc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUECOLOR } def /BEGINBITMAPTRUECOLORc { BITMAPTRUECOLORc } def /BEGINBITMAPCMYK { BITMAPCMYK } def /BEGINBITMAPCMYKc { BITMAPCMYKc } def } { /BEGINBITMAPCOLOR { BITMAPGRAY} def /BEGINBITMAPCOLORc { BITMAPGRAYc} def /BEGINBITMAPTRUECOLOR { BITMAPTRUEGRAY } def /BEGINBITMAPTRUECOLORc { BITMAPTRUEGRAYc } def /BEGINBITMAPCMYK { BITMAPCMYKGRAY } def /BEGINBITMAPCMYKc { BITMAPCMYKGRAYc } def } ifelse /K { FMPrintAllColorsAsBlack { dup 1 eq 2 index 1 eq and 3 index 1 eq and not {7 {pop} repeat 0 0 0 1 0 0 0} if } if FrameCurColors astore pop combineColor } bind def /graymode true def fMLevel1 { /fmGetFlip { fMatrix2 exch get mul 0 lt { -1 } { 1 } ifelse } FmBD } if /setPatternMode { fMLevel1 { 2 index patScreenDict exch known { pop pop patScreenDict exch get aload pop freq mul 5 2 roll fMatrix2 currentmatrix 1 get 0 ne { 3 -1 roll 90 add 3 1 roll sflipx 1 fmGetFlip sflipy 2 fmGetFlip neg mul } { sflipx 0 fmGetFlip sflipy 3 fmGetFlip mul } ifelse 0 lt {exch pop} {pop} ifelse fMNegative { {neg} fmConcatProcs } if bind systemdict /setscreen get exec /FrameCurGray exch def } { /bwidth exch 
def /bpside exch def /bstring exch def /onbits 0 def /offbits 0 def freq sangle landscape {90 add} if {/ypoint exch def /xpoint exch def /xindex xpoint 1 add 2 div bpside mul cvi def /yindex ypoint 1 add 2 div bpside mul cvi def bstring yindex bwidth mul xindex 8 idiv add get 1 7 xindex 8 mod sub bitshift and 0 ne fMNegative {not} if {/onbits onbits 1 add def 1} {/offbits offbits 1 add def 0} ifelse } setscreen offbits offbits onbits add div fMNegative {1.0 exch sub} if /FrameCurGray exch def } ifelse } { pop pop dup patCache exch known { patCache exch get } { dup patDict /bstring 3 -1 roll put patDict 9 PatFreq screenIndex get div dup matrix scale makepattern dup patCache 4 -1 roll 3 -1 roll put } ifelse /FrameCurGray 0 def /FrameCurPat exch def } ifelse /graymode false def combineColor } bind def /setGrayScaleMode { graymode not { /graymode true def fMLevel1 { setCurrentScreen } if } if /FrameCurGray exch def combineColor } bind def /normalize { transform round exch round exch itransform } bind def /dnormalize { dtransform round exch round exch idtransform } bind def /lnormalize { 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop } bind def /H { lnormalize setlinewidth } bind def /Z { setlinecap } bind def /PFill { graymode fMLevel1 or not { gsave 1 setgray eofill grestore } if } bind def /PStroke { graymode fMLevel1 or not { gsave 1 setgray stroke grestore } if stroke } bind def /X { fillvals exch get dup type /stringtype eq {8 1 setPatternMode} {setGrayScaleMode} ifelse } bind def /V { PFill gsave eofill grestore } bind def /Vclip { clip } bind def /Vstrk { currentlinewidth exch setlinewidth PStroke setlinewidth } bind def /N { PStroke } bind def /Nclip { strokepath clip newpath } bind def /Nstrk { currentlinewidth exch setlinewidth PStroke setlinewidth } bind def /M {newpath moveto} bind def /E {lineto} bind def /D {curveto} bind def /O {closepath} bind def /L { /n exch def newpath normalize moveto 2 1 n {pop normalize lineto} for } bind def /Y { L 
Java™ Security

J. Steven Fritzinger, Marianne Mueller
Sun Microsystems, Inc.

© Sun Microsystems, Inc., 1996

INTRODUCTION

Since its release in May of 1995, Java has swept across the Internet. With its promise of truly network oriented computing and a nearly universal system for distributing applications, Java is widely seen as the solution to many of the most persistent problems in client/server computing and on the World Wide Web. However, this same ability to distribute executables automatically over the network raises concerns about Java's effect on network security. These concerns have been heightened by the discovery of several security related bugs in existing Java implementations.

This paper discusses these concerns and how Java addresses them. It also describes several efforts underway to enhance and extend the Java security model. It is divided into three sections. The first section describes Java in general and discusses the security implications of Java. Readers who are already familiar with Java may wish to proceed to the second section, which discusses computer security in general, how security affects networked systems and some misconceptions about security. Because these misconceptions are very common and affect how people approach new technology, readers who are unfamiliar with general security issues are encouraged to read this section carefully. The third section discusses Java security in particular, looks at how the security model is implemented, and describes upcoming extensions to the security model.

JAVA

The Java Platform

Java is a revolutionary new application platform from Sun Microsystems. Like other operating systems, the Java platform provides developers with I/O, networking, windows and graphics capabilities and other facilities needed to develop and run sophisticated applications. The Java platform also provides an important capability not found in traditional operating systems. This ability, called Write Once/Run Anywhere executables, allows Java programs written on one type of hardware or operating system to run unmodified on almost any other type of computer.

Applications written for traditional operating systems are tied directly to that platform and cannot be easily moved to another machine or operating system. This locks developers to that particular, often proprietary, system. If the application must be deployed on other platforms, the developers must port the application to those platforms. These porting efforts are often expensive and waste resources that could be used for new development. Because ports to the secondary platforms often lag behind the primary platform by several months, the application lock of traditional operating systems also forces the organization to support many different versions of the application. This administrative overhead makes networked computing with traditional PCs a very expensive proposition. [1]

[1] A recent report from Forrester Research estimates that, for companies aggressively managing their PC related costs, cost of ownership for the average PC ranges between $3,500 and $5,000 per year. Other studies have shown that for companies which are not closely watching PC related costs, cost of ownership can be as high as $12,000 per year.

With their Write Once/Run Anywhere capability, Java applications do not suffer from these problems. Developers working on a Sun Ultra computer running the Solaris operating system can produce an executable which also runs on Windows PCs, Macintosh and many other types of computers without any porting. This frees up development resources for other work and ensures that new applications and new versions of old applications are simultaneously available for all platforms in an organization.

The Virtual Machine

Java provides its Write Once/Run Anywhere capability through the Java Virtual Machine. The Virtual Machine is implemented on top of a machine's native operating system. Java applications run on top of the virtual machine. The virtual machine insulates the application from differences between underlying operating systems and hardware and ensures cross platform compatibility among all implementations of the Java platform (see fig. 1).

[Figure 1 diagram: Java Applications run on the Java Virtual Machine, which runs on each native operating system and its hardware: Solaris (SPARC/Intel), Windows (Intel/Others), MacOS (PowerPC), JavaOS (Thin Clients).]

Fig. 1 The Java Virtual Machine sits between a native operating system and Java applications, allowing a single executable to run on many different systems.

The Java Virtual Machine was first widely available in web browsers. Java-enabled browsers are currently available for the major versions of the Unix operating system, Windows 3.1, 95, and NT, the MacOS and OS/2 Warp. The Java Virtual Machine has also been licensed by every major operating systems vendor, including Apple, HP, IBM, Microsoft and SunSoft. These vendors will bundle the Java Virtual Machine with their operating systems. As these implementations become available over the next several months, Java will become a standard part of all important operating systems, and an expected part of every desktop.

Applets

Web Applets are one of the most exciting uses of the Java Platform. Applets are small pieces of executable code which may be included in Web pages and which run inside of the user's browser. While traditional web pages have been limited to simple text and graphics, applets allow web publishers to include sophisticated, interactive applications in their pages. For example, a stock broker might want to publish the results of a financial analysis model. With applets, instead of publishing a simple graph showing the results of the model, the broker could publish the model itself, along with connections to live stock market data and the customer's portfolio.

Security Implications

While applets solve many of the important problems in client/server and network-centric computing, they also raise new concerns about security. In traditional environments, companies could protect themselves by controlling physical and network access to their computers by establishing policies for what kinds of software can be used on their machines. These steps include building a firewall between the Internet and the company's intranet, obtaining software only from known and trusted sources, and using anti-virus programs to check all new software.

Use of applets potentially adds a new security vulnerability. An employee searching an external Web site for information might inadvertently load and execute an applet without being aware that the site contains executable code. This automatic distribution of executables makes it very likely that software will be obtained from untrusted third parties. Since the applet is imported into the user's web browser and runs locally, this software could potentially steal or damage information stored in the user's machine or on a network file server. Also, since this software is already behind the company's firewall, the applet could attack other unprotected machines on a corporate intranet. These attacks would not be stopped by traditional security measures.

Java protects its users from these dangers by placing strict limits on applets. Applets cannot read from or write to the local disk. Stand-alone windows created by applets are clearly labeled as being owned by untrusted software. These limits prevent malicious applets from stealing information, spreading viruses, or acting as Trojan horses. Applets are also prohibited from making network connections to other computers on the corporate intranet. This prevents malicious applets from exploiting security flaws that might exist behind the firewall or in the underlying operating system. While Java is not the first or only platform that claims to be a secure means of distributing executable code over the internet, it is perhaps the best known and most widely used.

WHAT IS SECURITY?
337.98 697.33 T (The Security Pr) 315 674.33 T (ocess) 388.16 674.33 T 0 F -0 (Ef) 315 651.33 P -0 (fecti) 324.19 651.33 P -0 (v) 341.71 651.33 P -0 (e security is an on-going process which must in) 346.56 651.33 P -0 (v) 536.13 651.33 P -0 (olv) 540.93 651.33 P -0 (e) 553.56 651.33 P 0.73 (e) 315 640.33 P 0.73 (v) 319.19 640.33 P 0.73 (ery member of an or) 324.04 640.33 P 0.73 (g) 408.43 640.33 P 0.73 (anization and touch e) 413.38 640.33 P 0.73 (v) 500.59 640.33 P 0.73 (ery aspect of) 505.44 640.33 P 0.92 (its operation. The strongest possible netw) 315 629.33 P 0.92 (ork and computer) 485.61 629.33 P 0.76 (security does little to protect an or) 315 618.33 P 0.76 (g) 456.05 618.33 P 0.76 (anization which has not) 461 618.33 P 0.12 (tak) 315 607.33 P 0.12 (en steps to ensure that its emplo) 327.12 607.33 P 0.12 (yees are trustw) 455.49 607.33 P 0.12 (orth) 515.6 607.33 P 0.12 (y or to) 531.66 607.33 P 2.69 (protect its ph) 315 596.33 P 2.69 (ysical assets from theft. Similarly) 372.54 596.33 P 2.69 (, the best) 516.8 596.33 P 4.97 (security mechanisms and procedures quickly f) 315 585.33 P 4.97 (all into) 524.97 585.33 P -0.05 (disrepair if the) 315 574.33 P -0.05 (y are not constantly reinforced by training and) 373.08 574.33 P (periodically updated to account for ne) 315 563.33 T (w threats.) 466.66 563.33 T 1 F (Cost V) 315 541.33 T (. Security) 345.47 541.33 T 0 F 0.25 0.05 (Security is one means by which an or) 315 525.33 B 0.25 0.05 (g) 468.15 525.33 B 0.25 0.05 (anization can protect) 473.15 525.33 B 0.25 0.16 (or e) 315 514.33 B 0.25 0.16 (xtend a competiti) 331.01 514.33 B 0.25 0.16 (v) 403.44 514.33 B 0.25 0.16 (e adv) 408.45 514.33 B 0.25 0.16 (antage. 
By protecting v) 430.63 514.33 B 0.25 0.16 (aluable) 528.15 514.33 B 0.25 0.09 (ph) 315 503.33 B 0.25 0.09 (ysical assets or proprietary intellectual property) 325.12 503.33 B 0.25 0.09 (, security) 520.31 503.33 B 0.25 0.32 (policies and procedures allo) 315 492.33 B 0.25 0.32 (w an or) 436.46 492.33 B 0.25 0.32 (g) 469.02 492.33 B 0.25 0.32 (anization to e) 474.3 492.33 B 0.25 0.32 (xploit) 533.05 492.33 B 0.05 (those assets to the fullest. But there are costs associated with) 315 481.33 P 0.25 0.33 (all security procedures and these costs must be weighed) 315 470.33 B 0.25 0.12 (ag) 315 459.33 B 0.25 0.12 (ainst the v) 324.63 459.33 B 0.25 0.12 (alue of the assets protected by those measures) 367.3 459.33 B 0.25 0.02 (and the potential harm which could be caused by the loss of) 315 448.33 B 0.05 (that asset. A compan) 315 437.33 P 0.05 (y which wished to adv) 398.33 437.33 P 0.05 (ertise on the W) 488.38 437.33 P 0.05 (eb) 548.56 437.33 P 0.25 0.6 (may be satisf) 315 426.33 B 0.25 0.6 (ied with a simple f) 375.56 426.33 B 0.25 0.6 (ire) 461.91 426.33 B 0.25 0.6 (w) 474.02 426.33 B 0.25 0.6 (all to discourage) 481.75 426.33 B 0.12 (electronic v) 315 415.33 P 0.12 (andals. A lar) 361.8 415.33 P 0.12 (ge \336nancial institute with billions of) 412.68 415.33 P 0.25 0.12 (dollars at stak) 315 404.33 B 0.25 0.12 (e could justify much more elaborate security) 372.83 404.33 B 0.25 0.68 (measures, possibly including public k) 315 393.33 B 0.25 0.68 (e) 491.86 393.33 B 0.25 0.68 (y encryption,) 496.83 393.33 B 0.25 0.17 (dedicated, pri) 315 382.33 B 0.25 0.17 (v) 371.87 382.33 B 0.25 0.17 (ate netw) 376.8 382.33 B 0.25 0.17 (orks and re) 411.94 382.33 B 0.25 0.17 (gular security audits. In) 458.64 382.33 B 0.25 0.03 (e) 315 371.33 B 0.25 0.03 (xtreme cases, public safety and national security may be at) 319.32 371.33 B 0.25 0.05 (risk. 
F) 315 360.33 B 0.25 0.05 (or applications such as air traf) 341.04 360.33 B 0.25 0.05 (f) 464.05 360.33 B 0.25 0.05 (ic control and military) 466.88 360.33 B 0.25 0.46 (and intelligence systems, the risks of connecting these) 315 349.33 B 0.25 0.06 (systems to the Internet may so f) 315 338.33 B 0.25 0.06 (ar out-weigh the benef) 445.46 338.33 B 0.25 0.06 (its of) 537.18 338.33 B 0.25 0.25 (increased communication that the most sensiti) 315 327.33 B 0.25 0.25 (v) 511.85 327.33 B 0.25 0.25 (e of these) 516.95 327.33 B (systems should ne) 315 316.33 T (v) 387.53 316.33 T (er be connected \050see \336g. 2\051.) 392.38 316.33 T 3 F (Ne) 315 135.15 T (w T) 327.63 135.15 T (ec) 343.7 135.15 T (hnology) 354.72 135.15 T 0 F 0.25 0.08 (Since no security system can e) 315 116.15 B 0.25 0.08 (v) 440.85 116.15 B 0.25 0.08 (er be 100% secure, it is not) 445.78 116.15 B 0.02 (meaningful to ask if a ne) 315 105.15 P 0.02 (w technology or system is \322secure\323.) 414.02 105.15 P 0.25 0.14 (Instead one should e) 315 94.15 B 0.25 0.14 (v) 400.21 94.15 B 0.25 0.14 (aluate the ne) 405.1 94.15 B 0.25 0.14 (w technology in light of) 457.69 94.15 B 0.25 0.21 (the e) 315 83.15 B 0.25 0.21 (xisting cost/security tradeof) 335.29 83.15 B 0.25 0.21 (fs. If the ne) 452.61 83.15 B 0.25 0.21 (w technology) 501.33 83.15 B 0.25 0.54 (mak) 315 72.15 B 0.25 0.54 (es it easier or cheaper to obtain the same le) 333.75 72.15 B 0.25 0.54 (v) 532.13 72.15 B 0.25 0.54 (el of) 537.52 72.15 B 0.25 0.04 (security) 315 61.15 B 0.25 0.04 (, that technology w) 346.36 61.15 B 0.25 0.04 (ould be v) 424.49 61.15 B 0.25 0.04 (ery attracti) 462.45 61.15 B 0.25 0.04 (v) 506.02 61.15 B 0.25 0.04 (e. 
If, on the) 510.91 61.15 B 0 0 0 1 0 0 0 K 315 150.82 558 313 C 0 0 0 1 0 0 0 K 333 304 333 205 531 205 3 L 0.5 H 2 Z 0 X 0 0 0 1 0 0 0 K N 0 10 Q (Cost) 438.5 191.73 T (Security) 0 -270 328.33 234 TF 90 180 180 72 522 214 A J 333 292.5 540 292.5 2 L J 333 292.5 336.75 292.5 2 L N [7.389 6.404] 7.389 I 336.75 292.5 536.25 292.5 2 L N J 536.25 292.5 540 292.5 2 L N (Fig. 2 Increasing security increases costs. Or) 326.5 176.04 T (g) 505.17 176.04 T (anizations) 510.12 176.04 T (must choose the appropriate trade of) 326.5 166.04 T (f.) 472.05 166.04 T (W) 355.5 225 T (eb adv) 364.14 225 T (ertiser) 390.37 225 T (On-line commerce) 395.5 256.5 T (National) 494 274.5 T (Security) 494 264.5 T J 340 228.64 346.36 235 352.73 228.64 346.36 222.27 4 Y V J 340 228.64 346.36 235 352.73 228.64 346.36 222.27 4 Y J 342.65 225.98 340 228.64 342.65 231.29 3 L N [1.731 1.5] 1.731 I 342.65 231.29 343.71 232.35 2 L N J 343.71 232.35 346.36 235 349.02 232.35 3 L N [1.731 1.5] 1.731 I 349.02 232.35 350.08 231.29 2 L N J 350.08 231.29 352.73 228.64 350.08 225.98 3 L N [1.731 1.5] 1.731 I 350.08 225.98 349.02 224.92 2 L N J 349.02 224.92 346.36 222.27 343.71 224.92 3 L N [1.731 1.5] 1.731 I 343.71 224.92 342.65 225.98 2 L N J 377.64 260 384 266.36 390.36 260 384 253.64 4 Y V J 377.64 260 384 266.36 390.36 260 384 253.64 4 Y J 380.29 257.35 377.64 260 380.29 262.65 3 L N [1.731 1.5] 1.731 I 380.29 262.65 381.35 263.71 2 L N J 381.35 263.71 384 266.36 386.65 263.71 3 L N [1.731 1.5] 1.731 I 386.65 263.71 387.71 262.65 2 L N J 387.71 262.65 390.36 260 387.71 257.35 3 L N [1.731 1.5] 1.731 I 387.71 257.35 386.65 256.29 2 L N J 386.65 256.29 384 253.64 381.35 256.29 3 L N [1.731 1.5] 1.731 I 381.35 256.29 380.29 257.35 2 L N J 478.14 283.5 484.5 289.86 490.86 283.5 484.5 277.14 4 Y V J 478.14 283.5 484.5 289.86 490.86 283.5 484.5 277.14 4 Y J 480.79 280.85 478.14 283.5 480.79 286.15 3 L N [1.731 1.5] 1.731 I 480.79 286.15 481.85 287.21 2 L N J 481.85 287.21 484.5 289.86 487.15 287.21 3 L N 
[1.731 1.5] 1.731 I 487.15 287.21 488.21 286.15 2 L N J 488.21 286.15 490.86 283.5 488.21 280.85 3 L N [1.731 1.5] 1.731 I 488.21 280.85 487.15 279.79 2 L N J 487.15 279.79 484.5 277.14 481.85 279.79 3 L N [1.731 1.5] 1.731 I 481.85 279.79 480.79 280.85 2 L N 0 0 0 1 0 0 0 K J 0 0 612 792 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "2" 2 %%Page: "3" 3 612 792 0 FMBEGINPAGE [0 0 0 1 0 0 0] [ 0 1 1 0 1 0 0] [ 1 0 1 0 0 1 0] [ 1 1 0 0 0 0 1] [ 1 0 0 0 0 1 1] [ 0 1 0 0 1 0 1] [ 0 0 1 0 1 1 0] 7 FrameSetSepColors FrameNoSep 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 54 9 558 36 R 7 X 0 0 0 1 0 0 0 K V 0 8 Q 0 X (\251 Sun Microsystems, Inc., 1996) 54 30.67 T (3) 306 30.67 T 54 54 558 738 R 7 X V 0 10 Q 0 X 0.25 1.22 (other hand, the ne) 54 731.33 B 0.25 1.22 (w system opens ne) 148.02 731.33 B 0.25 1.22 (w security) 244.44 731.33 B 0.25 0.5 (vulnerabilities and mak) 54 720.33 B 0.25 0.5 (es it more costly to achie) 159.79 720.33 B 0.25 0.5 (v) 273.52 720.33 B 0.25 0.5 (e an) 278.87 720.33 B 0.25 0.06 (acceptable le) 54 709.33 B 0.25 0.06 (v) 106.72 709.33 B 0.25 0.06 (el of security) 111.63 709.33 B 0.25 0.06 (, the or) 164.56 709.33 B 0.25 0.06 (g) 193.42 709.33 B 0.25 0.06 (anization must carefully) 198.43 709.33 B 0.11 (weigh the bene\336ts of) 54 698.33 P 0.11 (fered by the technology and ask itself if) 137.67 698.33 P 0.25 0.14 (these benef) 54 687.33 B 0.25 0.14 (its are w) 100.46 687.33 B 0.25 0.14 (orth either the added risk the) 135.96 687.33 B 0.25 0.14 (y bring or) 255.84 687.33 B (the added e) 54 676.33 T (xpense required to manage these risks.) 99.39 676.33 T 3 F (Usability) 54 657.33 T 0 F 0.25 0.17 (When calculating security costs, usability is an important,) 54 638.33 B 0.25 0.33 (and often hidden, f) 54 627.33 B 0.25 0.33 (actor) 136.54 627.33 B 0.25 0.33 (. 
If security mechanisms are too) 157.65 627.33 B 0.25 0.58 (time-consuming or dif) 54 616.33 B 0.25 0.58 (f) 155.81 616.33 B 0.25 0.58 (icult to use, the) 159.17 616.33 B 0.25 0.58 (y can decrease) 230.69 616.33 B -0.03 (producti) 54 605.33 P -0.03 (vity by taking time and resources which should ha) 87.08 605.33 P -0.03 (v) 287.71 605.33 P -0.03 (e) 292.56 605.33 P 0.25 (been directed to the or) 54 594.33 P 0.25 (g) 144.23 594.33 P 0.25 (anization\325) 149.18 594.33 P 0.25 (s mission. Ov) 188.62 594.33 P 0.25 (erly stringent) 243.7 594.33 P 0.23 (procedures can actually weak) 54 583.33 P 0.23 (en security) 172.61 583.33 P 0.23 (. Users who \336nd the) 215.79 583.33 P 0.25 0.56 (policies dif) 54 572.33 B 0.25 0.56 (f) 105.47 572.33 B 0.25 0.56 (icult to follo) 108.82 572.33 B 0.25 0.56 (w may ignore the policies or) 166.4 572.33 B 0.25 0.18 (implement them haphazardly) 54 561.33 B 0.25 0.18 (. In e) 175.13 561.33 B 0.25 0.18 (xtreme cases, where the) 196.82 561.33 B 0.25 0.39 (policies are seen as b) 54 550.33 B 0.25 0.39 (ureaucratic roadblocks, users may) 147.76 550.33 B 0.25 0.06 (acti) 54 539.33 B 0.25 0.06 (v) 68.44 539.33 B 0.25 0.06 (ely sabotage the policies in order to \322get the job done\323) 73.35 539.33 B (\050see \336g. 3\051.) 54 528.33 T 0.25 0.52 (In general, it is v) 54 337.33 B 0.25 0.52 (ery dif) 132.16 337.33 B 0.25 0.52 (f) 162.16 337.33 B 0.25 0.52 (icult to design easy-to-use or) 165.46 337.33 B 0.25 0.52 (automatic security mechanisms which still ef) 54 326.33 B 0.25 0.52 (fecti) 258.23 326.33 B 0.25 0.52 (v) 278.36 326.33 B 0.25 0.52 (ely) 283.73 326.33 B 0.25 0.18 (protect an or) 54 315.33 B 0.25 0.18 (g) 107.22 315.33 B 0.25 0.18 (anization\325) 112.35 315.33 B 0.25 0.18 (s assets. 
Despite these dif) 153.61 315.33 B 0.25 0.18 (f) 261.2 315.33 B 0.25 0.18 (iculties,) 264.16 315.33 B 0.25 0.31 (Ja) 54 304.33 B 0.25 0.31 (v) 62.74 304.33 B 0.25 0.31 (a is able to pro) 67.8 304.33 B 0.25 0.31 (vide transparent security mechanisms,) 132.44 304.33 B 0.25 0.01 (which do not require an) 54 293.33 B 0.25 0.01 (y kno) 150 293.33 B 0.25 0.01 (wledge or action on the part of) 172.53 293.33 B 0.25 0.06 (the end user) 54 282.33 B 0.25 0.06 (. This is possible because Ja) 102.97 282.33 B 0.25 0.06 (v) 217.93 282.33 B 0.25 0.06 (a\325) 222.74 282.33 B 0.25 0.06 (s security model) 230.07 282.33 B 0.25 0.09 (is intended to protect the end-user from hostile e) 54 271.33 B 0.25 0.09 (x) 254.14 271.33 B 0.25 0.09 (ecutables) 259.08 271.33 B -0.19 (accidentally imported from untrusted sources. Limiting these) 54 260.33 P 0.25 0.68 (so called \322T) 54 249.33 B 0.25 0.68 (rojan horses\323 is a much easier task than) 110.65 249.33 B 0.25 0.42 (pro) 54 238.33 B 0.25 0.42 (viding general netw) 68.44 238.33 B 0.25 0.42 (ork and ph) 156.23 238.33 B 0.25 0.42 (ysical security) 203.64 238.33 B 0.25 0.42 (. Since) 267.02 238.33 B 0.25 0.18 (Ja) 54 227.33 B 0.25 0.18 (v) 62.49 227.33 B 0.25 0.18 (a\325) 67.43 227.33 B 0.25 0.18 (s security model is intended to augment, not replace,) 75.01 227.33 B 0.25 0.22 (these traditional security mechanisms, Ja) 54 216.33 B 0.25 0.22 (v) 227.51 216.33 B 0.25 0.22 (a can pro) 232.48 216.33 B 0.25 0.22 (vide a) 271.48 216.33 B 0.25 0.26 (simple, usable solution to this simpler) 54 205.33 B 0.25 0.26 (, more manageable) 216.57 205.33 B (problem.) 54 194.33 T 1 F (Common Security F) 54 172.33 T (allacies) 148.26 172.33 T 3 F (Risk A) 54 156.33 T (v) 84.72 156.33 T (oidance) 89.98 156.33 T 0 F -0.17 (The most common security f) 54 137.33 P -0.17 (allac) 168.2 137.33 P -0.17 (y is that the goal of security) 186.93 137.33 P 0.25 0.03 (is to eliminate all risk and vulnerabilities from a system. 
As) 54 126.33 B 0.25 0.03 (discussed abo) 54 115.33 B 0.25 0.03 (v) 109.72 115.33 B 0.25 0.03 (e, this is an unobtainable goal and little good) 114.6 115.33 B 0.25 0.03 (comes from pursuing it. A compan) 54 104.33 B 0.25 0.03 (y with a \322zero tolerance\323) 195.39 104.33 B 0.25 0.28 (approach to security risks w) 54 93.33 B 0.25 0.28 (ould be forced to disconnect) 175.04 93.33 B 0.25 0.47 (itself completely from the Internet and thus w) 54 82.33 B 0.25 0.47 (ould not) 260.39 82.33 B 0.25 0.88 (benef) 54 71.33 B 0.25 0.88 (it from the v) 80.04 71.33 B 0.25 0.88 (ast resources and near) 141.66 71.33 B 0.25 0.88 (-uni) 249.52 71.33 B 0.25 0.88 (v) 268.89 71.33 B 0.25 0.88 (ersal) 274.61 71.33 B 0.25 0.16 (connecti) 54 60.33 B 0.25 0.16 (vity it pro) 88.92 60.33 B 0.25 0.16 (vides. Such a compan) 130.49 60.33 B 0.25 0.16 (y w) 221.53 60.33 B 0.25 0.16 (ould still be at) 236.88 60.33 B 0.25 0.56 (risk from undetected viruses in commercial softw) 315 731.33 B 0.25 0.56 (are,) 541.61 731.33 B (disgruntled emplo) 315 720.33 T (yees and industrial espionage.) 387.4 720.33 T 0.25 0.68 (While this compan) 315 701.33 B 0.25 0.68 (y spends v) 402.52 701.33 B 0.25 0.68 (ast sums of mone) 451.82 701.33 B 0.25 0.68 (y and) 533.08 701.33 B 0.25 0.82 (resources chasing the chimera of total security) 315 690.33 B 0.25 0.82 (, its) 540.01 690.33 B 0.25 0.17 (competitors with more realistic security policies w) 315 679.33 B 0.25 0.17 (ould be) 527.04 679.33 B 0.25 0.14 (concentrating on more practical matters such as e) 315 668.33 B 0.25 0.14 (xploiting) 520.78 668.33 B 0.25 0.64 (ne) 315 657.33 B 0.25 0.64 (w) 325.47 657.33 B 0.25 0.64 (, \322risk) 332.68 657.33 B 0.25 0.64 (y\323 technologies to better their competiti) 361.7 657.33 B 0.25 0.64 (v) 548.07 657.33 B 0.25 0.64 (e) 553.56 657.33 B (position.) 
315 646.33 T 3 F (Piecemeal Security) 315 627.33 T 0 F 0.13 (The risk a) 315 608.33 P 0.13 (v) 355.06 608.33 P 0.13 (oidance f) 359.86 608.33 P 0.13 (allac) 396.82 608.33 P 0.13 (y is v) 415.55 608.33 P 0.13 (ery common among computer) 437.34 608.33 P 0.08 (users and managers. F) 315 597.33 P 0.08 (ortunately) 403.97 597.33 P 0.08 (, most security professionals) 443.87 597.33 P 0.25 0.54 (recognize that their goal is risk management, not risk) 315 586.33 B 0.25 0.5 (a) 315 575.33 B 0.25 0.5 (v) 319.74 575.33 B 0.25 0.5 (oidance, and do not f) 325.04 575.33 B 0.25 0.5 (all into this trap. Among these) 420.61 575.33 B 0.25 0.66 (professionals, piecemeal security is a more common) 315 564.33 B (problem.) 315 553.33 T 0.25 0 (Piecemeal security is the tendenc) 315 534.33 B 0.25 0 (y to look at small pieces of) 448.67 534.33 B 0.08 (a system or netw) 315 523.33 P 0.08 (ork in isolation from the system as a whole.) 382.64 523.33 P 0.25 0.73 (Because computer systems and especially computer) 315 512.33 B 0.25 0.19 (netw) 315 501.33 B 0.25 0.19 (orks can be e) 335.09 501.33 B 0.25 0.19 (xtremely comple) 390.61 501.33 B 0.25 0.19 (x, it is of little v) 461.02 501.33 B 0.25 0.19 (alue to) 529.68 501.33 B 0.25 0.02 (e) 315 490.33 B 0.25 0.02 (xamine indi) 319.31 490.33 B 0.25 0.02 (vidual aspects of the system. Informed security) 367.02 490.33 B 0.25 0.06 (decisions can only be made by e) 315 479.33 B 0.25 0.06 (xamining the entire system) 447.67 479.33 B 0.25 0.22 (and looking for the unanticipated side-ef) 315 468.33 B 0.25 0.22 (fects of adding a) 487.4 468.33 B (ne) 315 457.33 T (w type of softw) 324.19 457.33 T (are or netw) 386.58 457.33 T (ork resource.) 431.46 457.33 T 0.25 0.42 (Piecemeal security often is the result of ha) 315 438.33 B 0.25 0.42 (ving se) 504.89 438.33 B 0.25 0.42 (v) 536.46 438.33 B 0.25 0.42 (eral) 541.74 438.33 B 0.25 0.1 (departments responsible for dif) 315 427.33 B 0.25 0.1 (ferent aspects of security) 443.35 427.33 B 0.25 0.1 (. 
If) 545.78 427.33 B 0.15 (these departments do not w) 315 416.33 P 0.15 (ork closely together) 424.92 416.33 P 0.15 (, each can set) 504.25 416.33 P 0.12 (policies without re) 315 405.33 P 0.12 (g) 389.53 405.33 P 0.12 (ard for ho) 394.48 405.33 P 0.12 (w those policies af) 433.9 405.33 P 0.12 (fect security) 508.73 405.33 P 0.25 0.29 (as a whole. This can create vulnerabilities at the borders) 315 394.33 B 0.25 0.09 (between tw) 315 383.33 B 0.25 0.09 (o departments and decrease the total security of) 361.86 383.33 B -0.16 (the or) 315 372.33 P -0.16 (g) 337.71 372.33 P -0.16 (anization. These g) 342.66 372.33 P -0.16 (aps are particularly dangerous since) 415.34 372.33 P 0.25 0.49 (attack) 315 361.33 B 0.25 0.49 (ers may acti) 341.71 361.33 B 0.25 0.49 (v) 396.13 361.33 B 0.25 0.49 (ely seek out areas in which se) 401.47 361.33 B 0.25 0.49 (v) 536.21 361.33 B 0.25 0.49 (eral) 541.55 361.33 B 0.25 0.02 (departments share security responsibilities or in which there) 315 350.33 B (is a g) 315 339.33 T (ap between departments.) 336.06 339.33 T 3 F (Steel Door) 315 320.33 T (s And Grass Huts) 364.86 320.33 T 0 F -0.23 (Piecemeal security can lead an or) 315 301.33 P -0.23 (g) 447.26 301.33 P -0.23 (anization to o) 452.21 301.33 P -0.23 (v) 506.05 301.33 P -0.23 (er) 510.9 301.33 P -0.23 (-react to a) 518.47 301.33 P 0.25 0.07 (percei) 315 290.33 B 0.25 0.07 (v) 339.59 290.33 B 0.25 0.07 (ed vulnerability) 344.51 290.33 B 0.25 0.07 (. This is often the case when dealing) 408.26 290.33 B 0.25 0.05 (with ne) 315 279.33 B 0.25 0.05 (w technologies. 
A f) 345.04 279.33 B 0.25 0.05 (la) 424.42 279.33 B 0.25 0.05 (w found in the ne) 431.58 279.33 B 0.25 0.05 (w technology) 503.09 279.33 B 0.25 0.02 (prompts the or) 315 268.33 B 0.25 0.02 (g) 373.92 268.33 B 0.25 0.02 (anization to e) 378.89 268.33 B 0.25 0.02 (xpend great ef) 433.38 268.33 B 0.25 0.02 (fort patching the) 491.1 268.33 B 0.25 0.43 (vulnerability) 315 257.33 B 0.25 0.43 (, without f) 371.07 257.33 B 0.25 0.43 (irst checking to see if this same) 417.15 257.33 B 0.25 0.22 (vulnerability e) 315 246.33 B 0.25 0.22 (xists, undetected, in e) 376.45 246.33 B 0.25 0.22 (xisting systems. Lik) 468.48 246.33 B 0.25 0.22 (e) 553.56 246.33 B 0.25 0.12 (steel doors on a grass hut, these patches, produced at great) 315 235.33 B 0.25 0.04 (e) 315 224.33 B 0.25 0.04 (xpense, close one possible hole b) 319.33 224.33 B 0.25 0.04 (ut do little to increase the) 454.36 224.33 B (security of the system as a whole.) 315 213.33 T 0.08 (While the desire to b) 315 194.33 P 0.08 (uild steel doors to protect ag) 398.42 194.33 P 0.08 (ainst ne) 512.34 194.33 P 0.08 (wly) 543 194.33 P 0.25 0.02 (percei) 315 183.33 B 0.25 0.02 (v) 339.31 183.33 B 0.25 0.02 (ed threats can w) 344.18 183.33 B 0.25 0.02 (aste resources and slo) 409.88 183.33 B 0.25 0.02 (w the adoption) 497.78 183.33 B 0.25 0.18 (of ne) 315 172.33 B 0.25 0.18 (w technology) 336.18 172.33 B 0.25 0.18 (, pre) 392.13 172.33 B 0.25 0.18 (viously constructed steel doors can) 410.82 172.33 B 0.02 (blind an or) 315 161.33 P 0.02 (g) 358.19 161.33 P 0.02 (anization to ne) 363.14 161.33 P 0.02 (w or pre) 421.8 161.33 P 0.02 (viously unnoticed threats.) 
454.91 161.33 P 0.25 0.01 (If the ne) 315 150.33 B 0.25 0.01 (w found threat is not well-understood and is similar) 348.69 150.33 B 0.25 0.19 (to the threat which moti) 315 139.33 B 0.25 0.19 (v) 415.85 139.33 B 0.25 0.19 (ated the construction of the steel) 420.79 139.33 B 0.25 0.1 (door) 315 128.33 B 0.25 0.1 (, f) 333.32 128.33 B 0.25 0.1 (alse conf) 342.08 128.33 B 0.25 0.1 (idence in the elaborately constructed door\325) 378.47 128.33 B 0.25 0.1 (s) 554.11 128.33 B 0.25 0.62 (ability to protect ag) 315 117.33 B 0.25 0.62 (ainst the ne) 406.71 117.33 B 0.25 0.62 (w threat can slo) 459.92 117.33 B 0.25 0.62 (w the) 533.34 117.33 B (adoption of more ef) 315 106.33 T (fecti) 393.9 106.33 T (v) 411.42 106.33 T (e measures.) 416.27 106.33 T 1 F (K) 315 84.33 T (eeping Current) 322.07 84.33 T 0 F 0.25 0.2 (One of the most important parts of the security process is) 315 68.33 B 0.25 0.44 (staying informed. Ne) 315 57.33 B 0.25 0.44 (w vulnerabilities in computer and) 408.66 57.33 B 0 0 0 1 0 0 0 K 54 353 297 525 C 0 0 0 1 0 0 0 K 72 516 72 417 270 417 3 L 0.5 H 2 Z 0 X 0 0 0 1 0 0 0 K N 0 10 Q (Cost) 177.5 399 T (Security) 0 -270 67.33 446 TF J 72 504.5 279 504.5 2 L J 72 504.5 75.75 504.5 2 L N [7.389 6.404] 7.389 I 75.75 504.5 275.25 504.5 2 L N J 275.25 504.5 279 504.5 2 L N J 84.5 428 M 87.78 446.62 130.8 492.97 143 466 D 152.5 445 169.38 437.04 196.5 439.44 D 202.3 439.95 260.67 438.81 266.5 439 D N (Fig. 3 Ov) 63.5 377.5 T (erly complicated and dif) 101.41 377.5 T (\336cult to follo) 198.64 377.5 T (w) 250.62 377.5 T (procedures reduce o) 63.5 367.5 T (v) 143.87 367.5 T (erall security and increase cost.) 
148.72 367.5 T 0 0 0 1 0 0 0 K 0 0 612 792 C 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "3" 3 %%Page: "4" 4 612 792 0 FMBEGINPAGE [0 0 0 1 0 0 0] [ 0 1 1 0 1 0 0] [ 1 0 1 0 0 1 0] [ 1 1 0 0 0 0 1] [ 1 0 0 0 0 1 1] [ 0 1 0 0 1 0 1] [ 0 0 1 0 1 1 0] 7 FrameSetSepColors FrameNoSep 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 0 0 0 1 0 0 0 K 54 18 558 45 R 7 X 0 0 0 1 0 0 0 K V 0 8 Q 0 X (\251 Sun Microsystems, Inc., 1996) 54 39.67 T (4) 306 39.67 T 54 54 558 738 R 7 X V 0 10 Q 0 X 0.25 0.49 (netw) 54 731.33 B 0.25 0.49 (ork systems, and ne) 75.31 731.33 B 0.25 0.49 (w attacks which e) 164.04 731.33 B 0.25 0.49 (xploit those) 244.38 731.33 B 0.25 0.21 (vulnerabilities, are found re) 54 720.33 B 0.25 0.21 (gularly) 171.28 720.33 B 0.25 0.21 (. Because of these ne) 200.44 720.33 B 0.25 0.21 (w) 289.78 720.33 B 0.25 0.51 (attacks, e) 54 709.33 B 0.25 0.51 (v) 96.35 709.33 B 0.25 0.51 (en the most secure installation will quickly) 101.72 709.33 B 0.25 0.09 (become vulnerable if its security is not acti) 54 698.33 B 0.25 0.09 (v) 231.48 698.33 B 0.25 0.09 (ely maintained) 236.42 698.33 B (by a well-informed, up-to-date staf) 54 687.33 T (f.) 193.44 687.33 T 0.25 0.13 (The CER) 54 668.33 B 0.25 0.13 (T) 92.04 668.33 B 0 8 Q 0.2 0.13 (2) 98.28 672.33 B 0 10 Q 0.25 0.13 ( Coordination Center \050CER) 102.4 668.33 B 0.25 0.13 (T/CC\051 maintains an) 215.45 668.33 B 0.25 0.06 (e) 54 657.33 B 0.25 0.06 (xcellent set of on-line resources for security professionals.) 58.35 657.33 B -0.03 (The CER) 54 646.33 P -0.03 (T/CC e) 90.87 646.33 P -0.03 (v) 119.75 646.33 P -0.03 (olv) 124.55 646.33 P -0.03 (ed from an Adv) 137.18 646.33 P -0.03 (anced Research Projects) 199.88 646.33 P 0 (Agenc) 54 635.33 P 0 (y \050ARP) 79.95 635.33 P 0 (A\051 computer emer) 109.31 635.33 P 0 (genc) 182.45 635.33 P 0 (y response team formed) 201.18 635.33 P 0.25 0 (in 1988 follo) 54 624.33 B 0.25 0 (wing the Morris Internet W) 105.96 624.33 B 0.25 0 (orm. 
The CER) 216.21 624.33 B 0.25 0 (T/CC) 274.76 624.33 B 0.25 0.05 (collects and in) 54 613.33 B 0.25 0.05 (v) 112.62 613.33 B 0.25 0.05 (estig) 117.52 613.33 B 0.25 0.05 (ates reports of security attacks and ne) 136.61 613.33 B 0.25 0.05 (w) 289.78 613.33 B 0.25 0.27 (found vulnerabilities. The) 54 602.33 B 0.25 0.27 (y distrib) 165.01 602.33 B 0.25 0.27 (ute this information as) 200.56 602.33 B 0.25 0.14 (CER) 54 591.33 B 0.25 0.14 (T Advisories, which document the vulnerabilities, list) 73.26 591.33 B 0.02 (con\336rmed and rumored occurrences of attacks e) 54 580.33 P 0.02 (xploiting the) 246.14 580.33 P 0.25 0.31 (vulnerabilities, and document patches and procedures to) 54 569.33 B (close the vulnerabilities.) 54 558.33 T 0.25 0.2 (Ov) 54 539.33 B 0.25 0.2 (er the last se) 66.47 539.33 B 0.25 0.2 (v) 119.46 539.33 B 0.25 0.2 (eral years the CER) 124.5 539.33 B 0.25 0.2 (T/CC has documented) 203.49 539.33 B 0.25 0.51 (approximately 10 to 20 ne) 54 528.33 B 0.25 0.51 (w-found vulnerabilities and) 172.59 528.33 B 0.25 0.09 (attacks each year) 54 517.33 B 0.25 0.09 (. These vulnerabilities co) 123.82 517.33 B 0.25 0.09 (v) 227.35 517.33 B 0.25 0.09 (er all aspects of) 232.29 517.33 B 0.25 0.14 (computer security on systems ranging from mainframes to) 54 506.33 B 0.25 1.08 (Microsoft W) 54 495.33 B 0.25 1.08 (indo) 117.09 495.33 B 0.25 1.08 (ws. CER) 138.93 495.33 B 0.25 1.08 (T Advisories and other) 181.68 495.33 B 0.25 0.31 (information can be found on their web site at) 54 484.33 B 4 F 0.6 0.31 (http://) 253.12 484.33 B (www.cert.org) 54 473.33 T 0 F (.) 
126 473.33 T 1 F (J) 54 450.33 T (A) 59.36 450.33 T (V) 65.78 450.33 T (A SECURITY) 71.65 450.33 T (The Sandbo) 54 427.33 T (x) 110.93 427.33 T 0 F 0.25 0.05 (Ja) 54 411.33 B 0.25 0.05 (v) 62.23 411.33 B 0.25 0.05 (a\325) 67.03 411.33 B 0.25 0.05 (s security allo) 74.35 411.33 B 0.25 0.05 (ws a user to import and run applets from) 130.88 411.33 B 0.25 0.44 (the W) 54 400.33 B 0.25 0.44 (eb or an intranet without undue risk to the user\325) 79.79 400.33 B 0.25 0.44 (s) 293.11 400.33 B 0.03 (machine. The applet\325) 54 389.33 P 0.03 (s actions are restricted to its \322sandbox\323,) 138.22 389.33 P 0.25 0.3 (an area of the web bro) 54 378.33 B 0.25 0.3 (wser dedicated to that applet. The) 150.79 378.33 B 0.25 0.36 (applet may do an) 54 367.33 B 0.25 0.36 (ything it w) 128.99 367.33 B 0.25 0.36 (ants within its sandbox, b) 176.71 367.33 B 0.25 0.36 (ut) 288.86 367.33 B 0.25 0.29 (cannot read or alter an) 54 356.33 B 0.25 0.29 (y data outside of its sandbox. The) 151.05 356.33 B 0.25 0.73 (sandbox model is to run untrusted code in a trusted) 54 345.33 B 0.25 0.12 (en) 54 334.33 B 0.25 0.12 (vironment so that if a user accidentally imports a hostile) 63.28 334.33 B (applet, that applet cannot damage the local machine.) 54 323.33 T 0.15 (This approach is much dif) 54 304.33 P 0.15 (ferent from that used in traditional) 158.77 304.33 P 0.25 0.19 (operating systems. Because most operating systems allo) 54 293.33 B 0.25 0.19 (w) 289.78 293.33 B 0.25 0.07 (applications broad access to the machine, especially in PCs) 54 282.33 B 0.25 0.32 (where v) 54 271.33 B 0.25 0.32 (ery little protection is pro) 88.28 271.33 B 0.25 0.32 (vided by the operating) 199.79 271.33 B 0.25 0.46 (system, the runtime en) 54 260.33 B 0.25 0.46 (vironment cannot be trusted. 
To compensate for this lack, security policies often require a level of trust to be established in the application before it is executed. For example, an organization might require that before an employee runs an application obtained from the web, that application must be checked for viruses and its source code examined for malicious code.

There are two problems with this approach. First, the checks required to build trust in the application may be too complex and time-consuming to be practical. Few employees will take the time to read the source code of an application and compile it locally to ensure that it takes no hidden hostile actions. Second, virus checkers require constant maintenance in order to remain effective. They must be updated with samples of newly discovered viruses and must be installed on each machine. Also, many virus checkers can be turned off, either accidentally, as part of an installation procedure, or to save time when handling “safe” diskettes. If the checker is accidentally left off, the machine and possibly the entire organization are at risk.

2 CERT is a service mark of Carnegie Mellon University

Java solves these problems, and the usability problem discussed above, by automatically confining applets to the sandbox. End-users do not have to take any special action in order to ensure the safety of the machine. Because the sandbox prevents the actions required to spread a virus or steal information, instead of trying to identify a virus-infected executable or potential attacker, the sandbox does not require periodic updates with new viruses.

Applets And Applications

Java programs can exist in two forms: as applets, which travel across the Internet or intranet as part of a web page and run inside of the end-user’s browser; or as traditional stand-alone applications. Only applets are subject to the security restrictions described above.

Java applications are purchased and installed just like traditional commercial applications. They may be purchased in “shrink-wrapped” boxes or imported over a network, and may be installed by users or system administrators (according to standard practice within an organization). Since applications are not imported from outside the organization, and are (in theory) only installed by trusted individuals, Java applications add no new security concerns. Security comes from maintaining physical control over the systems, preventing end-users from downloading untrusted applications from the net, using virus checkers and other traditional security measures.

Building The Sandbox

The sandbox is made up of several different systems operating together. These systems range from security managers running inside of the application which imported the applet, to safety features built into the Java language and the virtual machine.

Class Loader

When an applet is to be imported from the network, the web browser calls the applet class loader. The class loader is the first link in the security chain. In addition to fetching an applet’s executable code from the network, the class loader enforces the name space hierarchy. A name space controls what other portions of the Java Virtual Machine an applet can access. By maintaining a separate name space for trusted code which was loaded from the local disk, the class loader prevents untrusted applets from gaining access to more privileged, trusted parts of the system.

Applets downloaded from the net cannot create their own class loaders. Downloaded applets are also prevented from invoking methods in the system’s class loader.

Verifier

Before running a newly imported applet, the class loader invokes the verifier. The verifier checks that the applet conforms to the Java language specification and that there are no violations of the Java language rules or name space restrictions. The verifier also checks for common violations of memory management, like stack underflows or overflows, and illegal data type casts, which could allow a hostile applet to corrupt part of the security mechanism or to replace part of the system with its own code.

Security Manager

The security manager enforces the boundaries around the sandbox. Whenever an applet tries to perform an action which could corrupt the local machine or access information, the Java Virtual Machine first asks the security manager if this action can be performed safely. If the security manager approves the action — for example, a trusted applet from the local disk may be trying to read the disk, or an imported untrusted applet may be trying to connect back to its home server — the virtual machine will then perform the action. Otherwise, the virtual machine raises a security exception and writes an error to the Java console.

The security manager will not allow an untrusted applet to read or write to a file, delete a file, get any information about a file, execute operating system commands or native code, load a library, or establish a network connection to any machine other than the applet’s home server. This list is not exhaustive but does give a representative sample of the restrictions placed on applets.

An application or a web browser can only have one security manager. This assures that all access checks are made by a single security manager enforcing a single security policy. The security manager is loaded at start-up and cannot be extended, overridden or replaced. For obvious reasons, applets cannot create their own security managers.
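
The name-space separation described in the Class Loader section can be observed directly from trusted code. The following is an added example, not code from this white paper or from Sun: NamespaceDemo, Payload and IsolatingLoader are hypothetical names, and it assumes a current JDK with the classes compiled by javac onto the class path.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

// Added illustration (hypothetical names). Compile with javac, then run: java NamespaceDemo
public class NamespaceDemo {

    /** Stand-in for a class that arrives as bytes from outside; the copy on the class path is the "trusted" one. */
    public static class Payload {
        public static int counter = 0;   // static state belongs to one Class object, i.e. to one loader
    }

    /** Defines the named class itself; every other class is delegated to the parent loader. */
    static class IsolatingLoader extends ClassLoader {
        private final String isolated;

        IsolatingLoader(ClassLoader parent, String isolated) {
            super(parent);
            this.isolated = isolated;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                if (!name.equals(isolated)) {
                    return super.loadClass(name, resolve);   // system and trusted classes: parent first
                }
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    byte[] code = readClassBytes(name);
                    c = defineClass(name, code, 0, code.length);   // new Class object in this loader's name space
                }
                if (resolve) {
                    resolveClass(c);
                }
                return c;
            }
        }

        /** Reads the compiled class file through the parent loader's resource lookup. */
        private byte[] readClassBytes(String name) throws ClassNotFoundException {
            String resource = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(resource)) {
                if (in == null) {
                    throw new ClassNotFoundException(name);
                }
                ByteArrayOutputStream out = new ByteArrayOutputStream();
                byte[] buf = new byte[4096];
                for (int n; (n = in.read(buf)) != -1; ) {
                    out.write(buf, 0, n);
                }
                return out.toByteArray();
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Payload.class.getName();
        ClassLoader system = NamespaceDemo.class.getClassLoader();

        // Two independent name spaces, each defining its own copy of the same bytes.
        Class<?> a = new IsolatingLoader(system, name).loadClass(name);
        Class<?> b = new IsolatingLoader(system, name).loadClass(name);

        System.out.println("same name:            " + a.getName().equals(b.getName()));
        System.out.println("same class (a == b):  " + (a == b));
        System.out.println("same as trusted copy: " + (a == Payload.class));

        // Static state written in one name space is invisible in the others.
        a.getField("counter").setInt(null, 42);
        System.out.println("a.counter=" + a.getField("counter").getInt(null)
                + " b.counter=" + b.getField("counter").getInt(null)
                + " trusted.counter=" + Payload.counter);

        // An object from name space 'a' cannot be passed off as the trusted type of the same name.
        Object foreign = a.getDeclaredConstructor().newInstance();
        try {
            Payload p = (Payload) foreign;
            System.out.println("cast succeeded (unexpected): " + p);
        } catch (ClassCastException e) {
            System.out.println("cast rejected: " + e.getMessage());
        }
    }
}
```

A class is identified by its name together with its defining loader, which is why code loaded into a separate name space cannot stand in for a trusted class of the same name.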

Language Features

Java has several language features which protect the integrity of the security system and which prevent several common attacks. For example, Java programs are not allowed to define their own memory pointers or to access physical memory directly. This prevents an applet from accessing and modifying critical parts of the security system. The language tracks the type of newly created classes and objects so that an applet cannot forge its own class loader or security manager. The Java language also has several other checks for memory and pointer abuse which could weaken the security system.

In addition to making Java a more secure system, these language features also make Java programs safer and more reliable. Studies have shown that 40% to 50% of all bugs are caused by errors in memory management. By automating memory management, Java eliminates a large class of bugs; this results in more stable and reliable code.

Security Through Openness

In the past, many computer and network systems tried to maintain security by hiding the inner workings and policies of the system. This practice, known as security through obscurity, assumed that if the system was presented as a black box then no one would expend the effort needed to discover the hidden vulnerabilities. The existence of the CERT/CC and a number of well-publicized network attacks in recent years demonstrate that this assumption is unfounded; the box is never black enough. This is especially true for commercially successful systems. For such widely used systems, too many people know the internal workings of the system for the details to remain secret and the rewards for breaking into the system are too great.

Sun took the opposite approach, and published all the details of the Java security model when Java was first released. This included the design specifications for the language mechanisms and the sandbox, and a full source implementation. This approach, dubbed security through openness, was intended to encourage security researchers to examine the Java model and to report any security flaws found; the flaws could be fixed before attacks based on those flaws could become endemic on the Web. Security through openness also allows any organization to study the Java security model in detail and make an informed assessment of the potential risks versus the benefits of the Java platform.

The Java Security FAQ

Keeping current is as important for Java security as it is for general security. To facilitate this, Sun maintains a Java Security Frequently Asked Questions (FAQ) page on the Java web site. This FAQ can be found at http://java.sun.com/sfaq. The FAQ contains more details on known vulnerabilities, the status of these vulnerabilities and, when available, dates and release numbers of the version of Java in which the vulnerabilities were fixed. More security related information can be found at http://java.sun.com/security.

Several other organizations are also tracking Java security. The CERT/CC has released several advisories on Java Security. These vulnerabilities have closely paralleled the vulnerabilities listed above and in the Java Security FAQ. Details are from the CERT/CC web site. Several other organizations, including researchers at Princeton University, have been investigating Java security. The Princeton findings can be found at http://www.cs.princeton.edu/sip/.

EXTENDING JAVA SECURITY

Security Modeling

While many experts agree that the Java Security model is basically sound, there is a concern that the model has not been examined in enough detail to ensure that the sandbox is as secure as is claimed. There is also the possibility that a particular implementation of the Java security model suffers from bugs and other coding errors which could be exploited by a malicious applet which wished to break out of the sandbox. Finally, there could be unexpected interactions between Java applets and other parts of the network which could be exploited. Problems which exploit all three of these categories have been reported.

For these reasons, Sun has initiated an independent, third-party security modeling effort. The first step, being conducted by security consultant Blackwatch Inc. (http://www.blackwatch.com), will produce a Security Reference Model. The Reference Model will document Java’s security model in rigorous detail.

The second step will be to develop a more rigorous security compatibility test suite based on the Reference Model. Since each Java licensee is free to re-implement portions of the Java Virtual Machine, the new test suite will ensure that both Sun and all licensees have correctly implemented the Reference Model. This test suite will be an enhancement to the test suite already used to ensure that Java implementations comply with the Java standard.

The third step will be to commission independent, third-party assessments of Sun’s reference implementation of the Java standard. This assessment effort relies on having a formal model specified so that the implementation can be assessed in the context of the assertions of the security model.

This review is expected to be complete by the fall of 1996.

New Security Facilities

The sandbox model described above protects the end-user’s machine and networked computing resources from damage or theft by a malicious applet. Users can run untrusted code obtained from the network without undue risk to their system.

The sandbox model does not address several other security and privacy issues. Authentication is needed, to guarantee that an applet comes from the place it claims to have come from. Digitally signed and authenticated applets can be promoted to the status of trusted applets, and then allowed to run with fewer security restrictions. Encryption can ensure the privacy of data passed between an applet client and a server on the Internet. Work is underway to extend Java’s security model into each of these areas.

Signed JAR files

All networked systems are potentially vulnerable to the “Man-in-the-Middle” attack. In this attack, a client contacts a legitimate server on the network and requests some action. The attacker, or man in the middle, notices this request and waits for the server to respond. The attacker then intercepts the response and supplies a bogus reply to the client. The client then acts on the bogus information, or possibly runs the program supplied by the attacker, giving the attacker access to the client machine. For example, an attacker might watch an Internet-based banking site. As clients visit the page which provides bill paying services, the attacker diverts the bank’s responses and provides a malicious applet which mimics the bank’s service, but also steals a copy of the user’s credit card and bank account numbers.

This attack can be thwarted by applying “digital shrinkwrap” to the applet. We trust physical software we have purchased because its packaging shows who produced the software, and the shrinkwrap shows that the product has not been tampered with. If the producer has a good reputation for providing software which does not take any hostile actions against the user, then we can install the product with some degree of confidence.

“Signed applets” give us the same level of confidence in network distributed software. To sign an applet, the producer first bundles all the Java code and related files into a single file called a Java Archive, or JAR. The producer then creates a string called a digital signature based on the contents of the JAR. The full details of digital signatures are beyond the scope of this white paper. More details can be found in “Applied Cryptography,” by Bruce Schneier, as well as numerous other cryptographic reference books.

JAR files solve another problem. Currently, many Java applets take a very long time to download and begin running. This can be annoying even for those users with a very high speed link to the Internet. The problem is that current Internet protocols move web pages across the Internet one file at a time. Since there is some overhead associated with each request for a file, web pages and Java applets which are composed of many small files might spend more time requesting those files and waiting for replies than they spend actually moving the information. Since a JAR file bundles all the information needed by the applet and its web page into a single file, the entire page can be downloaded with a single request. For many pages this will greatly reduce download times.

JARs and digital signatures can also be used for Java applications. While Java applications are more trustworthy than applets because they do not travel over the Internet and are subject to an organization’s traditional security policies, applications are subject to several types of attack. For example, viruses spread by modifying existing applications to include a copy of the virus. Since a virus would not be able to produce a valid signature for the altered program, the Java system could detect that a signed application has been tampered with, and refuse to run it. Since the JAR signature system will work with all types of information, not just Java files, JAR signatures can also be used to protect data files and other information.

Signed JAR files will be included in Java release 1.1 and should be available by the end of 1996.

Flexible Policies

Since digital signatures allow us to assign to Java applets the same level of trust which we assign to shrinkwrapped applications, it may be useful to relax the Java security restrictions for some applets. For example, it would be useful if the home banking applet described above could establish its own directory on the user’s hard disk. It could store account and credit card numbers, passwords, PINs, and other frequently used information so the end-user would not have to constantly re-enter that information.

Signed applets can be used to create this environment. If the end-user has previously told the Java system that a particular web publisher, say a bank or credit card company, is trusted and a signed applet from that publisher has arrived over the Internet and been authenticated, then the Java Security Manager could allow that applet out of
the sandbox, and) 137.17 731.33 B (treat it as an application.) 54 720.33 T 0.25 0.13 (The Security Manger could also enforce dif) 54 701.33 B 0.25 0.13 (ferent le) 235.01 701.33 B 0.25 0.13 (v) 269.19 701.33 B 0.25 0.13 (els of) 274.17 701.33 B 0.25 0.03 (control based on ho) 54 690.33 B 0.25 0.03 (w much a particular publisher is trusted,) 133.61 690.33 B 0.25 0.46 (or on ho) 54 679.33 B 0.25 0.46 (w much the Internet as a whole is trusted. F) 91.29 679.33 B 0.25 0.46 (or) 288.21 679.33 B 0.25 0.04 (e) 54 668.33 B 0.25 0.04 (xample, a v) 58.33 668.33 B 0.25 0.04 (ery security-conscious user could conf) 105.47 668.33 B 0.25 0.04 (igure the) 261.18 668.33 B 0.25 0.6 (system to allo) 54 657.33 B 0.25 0.6 (w signed applets to run only inside the) 118.23 657.33 B 0.03 (sandbox, and to pre) 54 646.33 P 0.03 (v) 132.15 646.33 P 0.03 (ent an) 137 646.33 P 0.03 (y unsigned applet from running at) 161.04 646.33 P 0.25 0.24 (all. Another user might conf) 54 635.33 B 0.25 0.24 (igure the system to allo) 174.11 635.33 B 0.25 0.24 (w the) 273.86 635.33 B 0.18 (banking applet to access only one particular directory on the) 54 624.33 P 0.25 0.18 (hard disk, while a net g) 54 613.33 B 0.25 0.18 (aming applet could access another) 152.93 613.33 B (directory and all other applets are restricted to the sandbox.) 54 602.33 T 3 F (A) 54 583.33 T (uditing) 60.92 583.33 T 0 F 0.25 0.33 (Auditing is another important security feature. Auditing) 54 564.33 B 0.24 (softw) 54 553.33 P 0.24 (are maintains a record of e) 76.12 553.33 P 0.24 (v) 183.4 553.33 P 0.24 (erything which happens on) 188.25 553.33 P 0.25 0.06 (the system. 
When something goes wrong, either through an) 54 542.33 B 0.25 0.29 (accident or a b) 54 531.33 B 0.25 0.29 (ug, or because of an attack, the audit trail) 117.51 531.33 B 0.25 0.35 (allo) 54 520.33 B 0.25 0.35 (ws systems administrators and security personnel to) 70.16 520.33 B -0.08 (\336gure out what happened, and ho) 54 509.33 P -0.08 (w to pre) 186.66 509.33 P -0.08 (v) 219.02 509.33 P -0.08 (ent a reoccurrence) 223.87 509.33 P 0.25 0.17 (in the future. While auditing cannot pre) 54 498.33 B 0.25 0.17 (v) 219.95 498.33 B 0.25 0.17 (ent accidents and) 224.96 498.33 B 0.25 0.28 (attacks, once things go wrong, it is an important tool for) 54 487.33 B (cleaning up the mess.) 54 476.33 T 0.25 0.22 (While some v) 54 457.33 B 0.25 0.22 (ersions of the Ja) 112.56 457.33 B 0.25 0.22 (v) 181.58 457.33 B 0.25 0.22 (a platform include limited) 186.55 457.33 B 0.25 0.58 (auditing features, there is no standard set of auditing) 54 446.33 B 0.25 0.2 (capabilities on which an administrator can rely) 54 435.33 B 0.25 0.2 (, and those) 251.45 435.33 B 0.08 (features that do e) 54 424.33 P 0.08 (xist do not record as much detail as is often) 122.68 424.33 P 0.25 0.49 (needed. Ef) 54 413.33 B 0.25 0.49 (forts are under w) 101.68 413.33 B 0.25 0.49 (ay to def) 178.72 413.33 B 0.25 0.49 (ine what standard) 218.09 413.33 B 0.25 0.16 (features need to be included in e) 54 402.33 B 0.25 0.16 (v) 190.03 402.33 B 0.25 0.16 (ery Ja) 195.05 402.33 B 0.25 0.16 (v) 219.67 402.33 B 0.25 0.16 (a implementation) 224.59 402.33 B (and ho) 54 391.33 T (w these features should be implemented.) 
80.69 391.33 T 3 F (Encr) 54 372.33 T (yption) 76.33 372.33 T 0 F 0.25 0.22 (While the sandbox and signed applets can protect ag) 54 353.33 B 0.25 0.22 (ainst) 277.22 353.33 B 0.25 0.13 (hostile applets and man-in-the-middle attacks, information) 54 342.33 B 0.25 0.12 (tra) 54 331.33 B 0.25 0.12 (v) 64.71 331.33 B 0.25 0.12 (eling between the applet and a serv) 69.69 331.33 B 0.25 0.12 (er on the Internet is) 215.81 331.33 B 0.25 0.06 (still vulnerable to theft. This is because the Internet itself is) 54 320.33 B 0.25 0.51 (an insecure medium. An attack) 54 309.33 B 0.25 0.51 (er attached to a central) 193.79 309.33 B 0.1 (portion of the Internet can read all information which tra) 54 298.33 P 0.1 (v) 281.04 298.33 P 0.1 (els) 285.89 298.33 P 0.04 (through that portion of the Internet. The attack) 54 287.33 P 0.04 (er could listen) 240.26 287.33 P 0.25 0.03 (to all traf) 54 276.33 B 0.25 0.03 (f) 91.26 276.33 B 0.25 0.03 (ic bound for a major bank or mail order compan) 94.08 276.33 B 0.25 0.03 (y) 290.12 276.33 B 0.25 0.03 (,) 294.5 276.33 B 0.25 0.1 (and simply read credit card numbers and other information) 54 265.33 B -0.16 (of) 54 254.33 P -0.16 (f the wire as it passed. T) 62.08 254.33 P -0.16 (o secure ag) 157.78 254.33 P -0.16 (ainst this type of attack,) 202.38 254.33 P 0.25 0.27 (all information f) 54 243.33 B 0.25 0.27 (lo) 124.15 243.33 B 0.25 0.27 (wing between the applet and its serv) 132.23 243.33 B 0.25 0.27 (er) 288.96 243.33 B (must be rendered unreadable by encrypting it.) 54 232.33 T -0 (Se) 54 213.33 P -0 (v) 63.75 213.33 P -0 (eral Ja) 68.6 213.33 P -0 (v) 94.22 213.33 P -0 (a encryption f) 98.97 213.33 P -0 (acilities are being de) 154.4 213.33 P -0 (v) 236.61 213.33 P -0 (eloped. 
These) 241.46 213.33 P 0.25 0.18 (f) 54 202.33 B 0.25 0.18 (acilities will allo) 57.41 202.33 B 0.25 0.18 (w applet de) 127.72 202.33 B 0.25 0.18 (v) 176.03 202.33 B 0.25 0.18 (elopers to select the type of) 181.06 202.33 B 0.25 0.21 (encryption algorithm used, to ne) 54 191.33 B 0.25 0.21 (gotiate with the serv) 191.39 191.33 B 0.25 0.21 (er to) 277.85 191.33 B 0.25 0.16 (create the k) 54 180.33 B 0.25 0.16 (e) 102.39 180.33 B 0.25 0.16 (ys used in the encryption and to do the actual) 106.83 180.33 B (encryption of the data.) 54 169.33 T 0.25 0.19 (While there are fe) 54 150.33 B 0.25 0.19 (w technical challenges to implementing) 129.92 150.33 B 0.25 0.01 (the cryptographic functionality) 54 139.33 B 0.25 0.01 (, the US go) 178.01 139.33 B 0.25 0.01 (v) 223.71 139.33 B 0.25 0.01 (ernment imposes) 228.57 139.33 B 0.01 (strict e) 54 128.33 P 0.01 (xport controls on encryption technology) 80.8 128.33 P 0.01 (. Since Ja) 240.75 128.33 P 0.01 (v) 278.63 128.33 P 0.01 (a is) 283.38 128.33 P 0.25 0.2 (a) 54 117.33 B 0.25 0.2 (v) 58.44 117.33 B 0.25 0.2 (ailable w) 63.39 117.33 B 0.25 0.2 (orld-wide, an) 101.73 117.33 B 0.25 0.2 (y proposed cryptographic system) 157.75 117.33 B 0.08 (must comply with these la) 54 106.33 P 0.08 (ws. Ensuring this compliance may) 159.18 106.33 P (delay the release of the f) 54 95.33 T (acilities.) 151.92 95.33 T 1 F (SUMMAR) 315 731.33 T (Y) 359.49 731.33 T 0 F 0.25 0.42 (The Ja) 315 715.33 B 0.25 0.42 (v) 343.94 715.33 B 0.25 0.42 (a platform supports Write Once/Run An) 349.11 715.33 B 0.25 0.42 (ywhere) 526.48 715.33 B 0.25 0.41 (applications. 
This, combined with the easy distrib) 315 704.33 B 0.25 0.41 (ution) 535.79 704.33 B 0.14 (mechanisms pro) 315 693.33 P 0.14 (vided by the W) 380.26 693.33 P 0.14 (orld W) 441.25 693.33 P 0.14 (ide W) 469.04 693.33 P 0.14 (eb and W) 492.54 693.33 P 0.14 (eb-lik) 530.33 693.33 P 0.14 (e) 553.56 693.33 P 0.25 0.33 (systems called intranets, mak) 315 682.33 B 0.25 0.33 (es Ja) 442.47 682.33 B 0.25 0.33 (v) 463.34 682.33 B 0.25 0.33 (a a po) 468.42 682.33 B 0.25 0.33 (werful tool for) 494.54 682.33 B 0.25 0.46 (man) 315 671.33 B 0.25 0.46 (y netw) 333.46 671.33 B 0.25 0.46 (ork based systems. The mobile applications) 363.33 671.33 B 0.25 0.53 (which Ja) 315 660.33 B 0.25 0.53 (v) 354.55 660.33 B 0.25 0.53 (a enables \321 applications that automatically) 359.83 660.33 B 0.25 0.08 (migrate o) 315 649.33 B 0.25 0.08 (v) 353.9 649.33 B 0.25 0.08 (er the netw) 358.83 649.33 B 0.25 0.08 (ork to where the) 404.58 649.33 B 0.25 0.08 (y are needed \321solv) 471.76 649.33 B 0.25 0.08 (e) 553.56 649.33 B 0.25 0.3 (man) 315 638.33 B 0.25 0.3 (y persistent problems in application distrib) 332.96 638.33 B 0.25 0.3 (ution and) 517.88 638.33 B (systems management.) 315 627.33 T 0.25 0.22 (While mobile applications solv) 315 608.33 B 0.25 0.22 (e the softw) 447.03 608.33 B 0.25 0.22 (are distrib) 493.77 608.33 B 0.25 0.22 (ution) 536.54 608.33 B 0.25 0.18 (problem, the) 315 597.33 B 0.25 0.18 (y also mak) 367.76 597.33 B 0.25 0.18 (e it more lik) 413.24 597.33 B 0.25 0.18 (ely that end-users will) 464.79 597.33 B 0.04 (unintentionally import hostile applications into the corporate) 315 586.33 P 0.25 0.5 (netw) 315 575.33 B 0.25 0.5 (ork. Ja) 336.32 575.33 B 0.25 0.5 (v) 366.49 575.33 B 0.25 0.5 (a addresses these concerns by running all) 371.74 575.33 B 0.25 0.41 (untrusted applications in a protected area kno) 315 564.33 B 0.25 0.41 (wn as the) 516.49 564.33 B 0.25 0.4 (sandbox. 
Applications running in the sandbox can only) 315 553.33 B 0.25 0.09 (access local and netw) 315 542.33 B 0.25 0.09 (ork resources through a limited set of) 403.85 542.33 B 0.25 0.33 (trusted mechanisms. The sandbox model gi) 315 531.33 B 0.25 0.33 (v) 502.57 531.33 B 0.25 0.33 (es users the) 507.76 531.33 B 0.25 0.11 (adv) 315 520.33 B 0.25 0.11 (antages of easy) 329.51 520.33 B 0.25 0.11 (, ad-hoc application distrib) 392.04 520.33 B 0.25 0.11 (ution while it) 502.78 520.33 B (protects them from potentially malicious applications.) 315 509.33 T 0.25 0.01 (Se) 315 490.33 B 0.25 0.01 (v) 324.77 490.33 B 0.25 0.01 (eral ef) 329.64 490.33 B 0.25 0.01 (forts are underw) 354.98 490.33 B 0.25 0.01 (ay to further enhance the sandbox) 421.11 490.33 B 0.25 0.07 (model. Independent contractors are re) 315 479.33 B 0.25 0.07 (vie) 469.71 479.33 B 0.25 0.07 (wing the design of) 481.89 479.33 B 0.25 0.14 (the sandbox to ensure that it pro) 315 468.33 B 0.25 0.14 (vides adequate protection.) 449.3 468.33 B 0.25 0.19 (Future releases of Ja) 315 457.33 B 0.25 0.19 (v) 401.45 457.33 B 0.25 0.19 (a will pro) 406.39 457.33 B 0.25 0.19 (vide applet signing, which) 446.96 457.33 B 0.25 0.39 (acts as digital shrinkwrap. Support for f) 315 446.33 B 0.25 0.39 (le) 490.63 446.33 B 0.25 0.39 (xible security) 498.49 446.33 B 0.25 0.49 (policies, encryption and other more adv) 315 435.33 B 0.25 0.49 (anced security) 493.92 435.33 B (features are also being added.) 
315 424.33 T 0.25 0.78 (An) 315 405.33 B 0.25 0.78 (y or) 328.63 405.33 B 0.25 0.78 (g) 347.64 405.33 B 0.25 0.78 (anization which is considering adding Ja) 353.37 405.33 B 0.25 0.78 (v) 548.03 405.33 B 0.25 0.78 (a) 553.56 405.33 B 0.25 0.09 (applications or Ja) 315 394.33 B 0.25 0.09 (v) 386.85 394.33 B 0.25 0.09 (a enabled softw) 391.68 394.33 B 0.25 0.09 (are to its netw) 456.14 394.33 B 0.25 0.09 (ork should) 514.47 394.33 B 0.25 0.01 (carefully consider ho) 315 383.33 B 0.25 0.01 (w Ja) 399.98 383.33 B 0.25 0.01 (v) 418.14 383.33 B 0.25 0.01 (a will af) 422.91 383.33 B 0.25 0.01 (fect their current security) 456.06 383.33 B 0.25 0 (policies. While no set of security policies can e) 315 372.33 B 0.25 0 (v) 505.39 372.33 B 0.25 0 (er eliminate) 510.24 372.33 B 0.25 0.12 (all risk from a netw) 315 361.33 B 0.25 0.12 (ork) 396.61 361.33 B 0.25 0.12 (ed en) 410.2 361.33 B 0.25 0.12 (vironment, understanding ho) 432.03 361.33 B 0.25 0.12 (w) 550.78 361.33 B 0.25 0.02 (Ja) 315 350.33 B 0.25 0.02 (v) 323.17 350.33 B 0.25 0.02 (a\325) 327.93 350.33 B 0.25 0.02 (s security model w) 335.19 350.33 B 0.25 0.02 (orks and what sorts of attacks might) 411.44 350.33 B 0.25 0.86 (be committed ag) 315 339.33 B 0.25 0.86 (ainst it, k) 394.96 339.33 B 0.25 0.86 (eeping current with ne) 441.73 339.33 B 0.25 0.86 (w) 550.78 339.33 B 0.25 0.11 (de) 315 328.33 B 0.25 0.11 (v) 324.41 328.33 B 0.25 0.11 (elopments by both attack) 329.38 328.33 B 0.25 0.11 (ers and other security of) 432.98 328.33 B 0.25 0.11 (f) 533.17 328.33 B 0.25 0.11 (icers,) 536.06 328.33 B 0.25 0.31 (and e) 315 317.33 B 0.25 0.31 (v) 337.92 317.33 B 0.25 0.31 (aluating Ja) 342.97 317.33 B 0.25 0.31 (v) 389.45 317.33 B 0.25 0.31 (a in light of the or) 394.51 317.33 B 0.25 0.31 (g) 473.66 317.33 B 0.25 0.31 (anization\325) 478.92 317.33 B 0.25 0.31 (s o) 521.43 317.33 B 0.25 0.31 (v) 533.84 317.33 B 0.25 0.31 (erall) 539 317.33 B (security polic) 315 306.33 T (y can reduce risks to an acceptable le) 369.01 306.33 T 
(v) 517.32 306.33 T (el.) 522.17 306.33 T 0 0 0 1 0 0 0 K FMENDPAGE %%EndPage: "7" 7 %%Trailer %%BoundingBox: 0 0 612 792 %%PageOrder: Ascend %%Pages: 7 %%DocumentFonts: Times-Roman %%+ Helvetica-Bold %%+ Times-Italic %%+ Helvetica-BoldOblique %%+ Courier %%EOF
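The tamper detection and publisher-trust decision described in the JAR signature and Flexible Policies sections can be shown in a few lines; this is an added example, not code from Sun or from this paper. The class, enum and method names, the one-line-per-entry manifest and the choice of SHA256withRSA are assumptions made for illustration, and the manifest is a simplification rather than the actual JAR signature format.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration. Class, enum and method names are hypothetical, and the
// one-line-per-entry manifest is a simplification, not the real JAR format.
public class SignedBundleDemo {
    enum Decision { REFUSE, SANDBOX, TRUSTED }

    // Canonical manifest: "name base64(SHA-256(bytes))" per entry, sorted by name.
    static byte[] manifest(SortedMap<String, byte[]> entries) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, byte[]> e : entries.entrySet()) {
            String digest = Base64.getEncoder().encodeToString(md.digest(e.getValue()));
            sb.append(e.getKey()).append(' ').append(digest).append('\n');
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    // Producer: sign the manifest, which binds every entry name to its content.
    static byte[] sign(SortedMap<String, byte[]> entries, PrivateKey key)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(manifest(entries));
        return s.sign();
    }

    // Consumer: rebuild the manifest from the bytes actually received, then verify.
    static Decision decide(SortedMap<String, byte[]> received, byte[] sig, PublicKey signer,
                           Set<PublicKey> trustedPublishers) throws GeneralSecurityException {
        if (sig == null) return Decision.SANDBOX;    // unsigned code stays in the sandbox
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(signer);
        s.update(manifest(received));
        if (!s.verify(sig)) return Decision.REFUSE;  // content altered after signing
        return trustedPublishers.contains(signer) ? Decision.TRUSTED : Decision.SANDBOX;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair bank = kpg.generateKeyPair();              // constructed publisher key
        Set<PublicKey> trusted = Collections.singleton(bank.getPublic());

        SortedMap<String, byte[]> jar = new TreeMap<>();   // constructed sample entries
        jar.put("Bank.class", "constructed class bytes".getBytes(StandardCharsets.UTF_8));
        jar.put("logo.gif", "constructed image bytes".getBytes(StandardCharsets.UTF_8));
        byte[] sig = sign(jar, bank.getPrivate());

        // Intact bundle from a publisher the user has marked as trusted.
        System.out.println(decide(jar, sig, bank.getPublic(), trusted));
        // Same bundle, but the user trusts no publishers.
        System.out.println(decide(jar, sig, bank.getPublic(), Collections.<PublicKey>emptySet()));
        // One entry modified after signing, as a virus would do.
        jar.put("Bank.class", "modified class bytes".getBytes(StandardCharsets.UTF_8));
        System.out.println(decide(jar, sig, bank.getPublic(), trusted));
    }
}
```

A stricter configuration, like the security-conscious one the paper mentions, would return REFUSE for the unsigned case instead of SANDBOX.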