The ability to execute remote content in a web browser is very attractive. Whatever the security implications, people will run Java applets because the functionality offered is compelling enough that the perceived threat is not a sufficient deterrent. As Ed Felten puts it, "If users have to choose between dancing pigs and security, they will pick the pigs every time."
We attempt to solve this problem at a site's firewall. We explore the problem of protecting a site on the Internet against hostile external Java applets and other executable content, while allowing trusted internal applets to run. Our strategies include packet-level filtering and application-level proxies. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated packet filtering firewalls that is most effectively realized as a Java applet.
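As an added illustration of the application-level proxy strategy mentioned above (this is example code written for this page, not the paper's implementation), the check below inspects one HTTP response as a proxy would and decides whether to let it reach the browser. It relies on two facts: Java class files begin with the four bytes 0xCAFEBABE, and Java archives are zip files. The applet class loader fetches code by URL and does not depend on the Content-Type header, so a proxy that only matches MIME types or the `.class` extension is bypassed by renaming `Foo.class` to `Foo.gif`; the content check closes that gap. The trusted-network list, the origin IP being known to the proxy, and the sample payloads are assumptions made for the example.

```python
"""Response inspection for an HTTP application-level proxy that blocks Java
applets from external origins while letting trusted internal applets through.

Added example, not the paper's code.  Assumptions: the proxy holds the whole
response (headers as a dict, body as bytes), knows the origin server's IP,
and a hypothetical site policy defines "trusted internal" as TRUSTED_NETS.
"""
import io
import ipaddress
import zipfile
from typing import Optional, Tuple

# Every Java class file starts with these four bytes (0xCAFEBABE).
CLASS_MAGIC = b"\xca\xfe\xba\xbe"
# Content types that advertise applet code; useful but not sufficient.
JAVA_MIME_TYPES = {
    "application/java-vm", "application/x-java-vm",
    "application/x-java-applet", "application/java-archive",
}
# Hypothetical policy: applets served from these networks are trusted.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]


def is_trusted_origin(server_ip: str) -> bool:
    ip = ipaddress.ip_address(server_ip)
    return any(ip in net for net in TRUSTED_NETS)


def contains_java_code(body: bytes) -> Optional[str]:
    """Return a reason string if the payload carries Java bytecode, else None.

    Checks the raw class-file magic first, then looks inside zip/jar archives,
    so renaming Foo.class to Foo.gif or packing it into a .jar is caught.
    """
    if body.startswith(CLASS_MAGIC):
        return "class file magic"
    if body.startswith(b"PK\x03\x04"):  # zip local file header
        try:
            with zipfile.ZipFile(io.BytesIO(body)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(".class"):
                        return f"archive contains {info.filename}"
                    with zf.open(info) as member:
                        if member.read(4) == CLASS_MAGIC:
                            return f"archive member {info.filename} is bytecode"
        except zipfile.BadZipFile:
            pass  # not a readable archive; treat as opaque data
    return None


def decide(url: str, server_ip: str, headers: dict, body: bytes) -> Tuple[str, str]:
    """Return ("allow" | "block", reason) for one HTTP response."""
    if is_trusted_origin(server_ip):
        return "allow", "trusted internal origin"
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype in JAVA_MIME_TYPES:
        return "block", f"content type {ctype}"
    path = url.split("?", 1)[0].split("//", 1)[-1]
    path = "/" + path.split("/", 1)[1].lower() if "/" in path else "/"
    if path.endswith((".class", ".jar")):
        return "block", f"path {path}"
    reason = contains_java_code(body)
    if reason:
        return "block", reason
    return "allow", "no Java content detected"


def make_jar(entries: dict) -> bytes:
    """Build a small zip archive in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample payloads: a class-file header (not a full class) and
# two archives, one with an obvious .class entry and one with it renamed.
SAMPLE_CLASS = CLASS_MAGIC + b"\x00\x00\x00\x31" + b"\x00" * 8
SAMPLE_JAR = make_jar({"Evil.class": SAMPLE_CLASS})
RENAMED_JAR = make_jar({"pic.dat": SAMPLE_CLASS})

if __name__ == "__main__":
    cases = [
        ("http://203.0.113.5/cute.gif", "203.0.113.5",
         {"Content-Type": "image/gif"}, SAMPLE_CLASS),
        ("http://203.0.113.5/bundle.zip", "203.0.113.5",
         {"Content-Type": "application/zip"}, RENAMED_JAR),
        ("http://10.1.2.3/Tool.class", "10.1.2.3",
         {"Content-Type": "application/java-vm"}, SAMPLE_CLASS),
        ("http://203.0.113.5/index.html", "203.0.113.5",
         {"Content-Type": "text/html"}, b"<html><body>hi</body></html>"),
    ]
    for url, ip, hdrs, body in cases:
        print(url, "->", decide(url, ip, hdrs, body))
```

The order of checks matters: the cheap header and path tests run first, and the content test is the backstop for payloads that lie about what they are. The inspection only works on traffic the proxy can read, so encrypted connections and direct (non-proxied) outbound connections need to be closed off at the packet filter for the policy to hold.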
This is joint work with David Martin and S. Rajagopalan.
A full paper is available at: http://www.cs.nyu.edu/~rubin/block.java.ps.Z.