Java access protection through typing

We propose an integration of field access rights into the Java type system such that those access permission checks which are now performed dynamicall y (at run time), can instead be done statically, i.e. checked by the Java c ompiler and rechecked (at link time) by the bytecode verifier. We explain h ow this can be extended to remove all dynamic checks of field read access r ights, completely eliminating the overhead of get methods for reading the v alue of a field. Improvements include using fast static lookup instead of d ynamic dispatch for field access (without requiring a sophisticated inlinin g analysis), the space required by get methods is avoided, and denial-of-se rvice attacks on field access is prevented. We sketch a formalization of ad ding field access to the bytecode verifier which will make it possible to p rove that the change is safe and backwards compatible. Copyright (C) 2001 J ohn Wiley & Sons, Ltd.