U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Taming Active Content

Published

Author(s)

Wayne Jansen

Abstract

The private and public sectors depend heavily upon information technology (IT) systems to perform essential, mission-critical functions. As technology improves to provide new capabilities and features, new vulnerabilities are often introduced as well. Organizations implementing and using advanced technologies, therefore, must be increasingly on guard. One such emerging technology is active content. Although the term has different connotations among individuals, we use it here in its broadest sense to refer to electronic documents that, unlike ASCII character documents of the past, can carry out or trigger actions automatically without the intervention of a user. Examples of active content include PostScript documents, Java applets, JavaScript, word processing macros, spreadsheet formulas, and executable electronic mail attachments. Taken to its extreme, active content becomes, in effect, a delivery mechanism for mobile code. The purpose of this paper is to provide an overview of this topic and its underlying technologies, so that the reader becomes aware of the associated security risks and can make an informed IT security decision on its application. We review real-world examples involving commonly available products and development tools to increase the understanding and awareness of the risks involved.
Conference Dates
June 11-15, 2001
Conference Location
Ottawa, CA
Conference Title
Canadian Information Technology Security Symposium
Pub Type
Conferences

Keywords

active content, malicious software, mobile code

Citation

Jansen, W. (2001), Taming Active Content, Canadian Information Technology Security Symposium, Ottawa, CA (Accessed December 13, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 1, 2001, Updated February 17, 2017