Previous: Least Privilege
The principle of least common mechanism concerns the dangers of
sharing state among different programs. If one program can corrupt
the shared state, it can then corrupt other programs which depend on
it. This problem applies equally to all three Java-based systems. An
example of this problem was Hopwood's interface attack ,
which combined a bug in Java's interface mechanism with a shared
public variable to ultimately break the type system, and thus
circumvent system security.
This principle is also meant to discuss the notion of covert
storage channels , an issue in the design of
multi-level secure systems . Java presently makes
no effort to limit or control covert channels, but this could
be an interesting area for future work.