Editing Java virtual machine (section)

====Secure execution of remote code====
A virtual machine architecture allows very fine-grained control over the actions that code within the machine is permitted to take. It assumes the code is "semantically" correct, that is, it successfully passed the (formal) bytecode verifier process, materialized by a tool, possibly off-board the virtual machine. This is designed to allow safe execution of untrusted code from remote sources, a model used by [[Java applet]]s, and other secure code downloads. Once bytecode-verified, the downloaded code runs in a restricted "[[sandbox (computer security)|sandbox]]", which is designed to protect the user from misbehaving or malicious code. As an addition to the bytecode verification process, publishers can purchase a certificate with which to [[digital signature|digitally sign]] applets as safe, giving them permission to ask the user to break out of the sandbox and access the local file system, [[clipboard (software)|clipboard]], execute external pieces of software, or network.

Formal proof of bytecode verifiers have been done by the Javacard industry (Formal Development of an Embedded Verifier for Java Card Byte Code<ref>{{cite web|last1=Casset|first1=Ludovic|last2=Burdy|first2=Lilian|last3=Requet|first3=Antoine|date=10 April 2002|title=Formal Development of an Embedded Verifier for Java Card Byte Code|website=Inria - National Institute for Research in Digital Science and Technology at [[Côte d'Azur University#National_research_organizations|Côte d'Azur University]]|url-status=live|archive-date=3 October 2022|url=http://www-sop.inria.fr/everest/Lilian.Burdy/CBR02dsn.pdf|archive-url=https://web.archive.org/web/20221003184410/http://www-sop.inria.fr/everest/Lilian.Burdy/CBR02dsn.pdf}}</ref>)