The J-Kernel is a portable, Java-based system that extends the underlying Java Virtual Machine (JVM) to provide multiple protection domains and well-defined communication channels between the domains. The primary target application domain for the J-Kernel is customizable servers. The J-Kernel can be built into services to allow users to up custom extensions into them in a secure yet flexible manner. Just as Java currently allows content providers to safely download applets into Web browsers, the J-Kernel allows users to safely upload code into Internet servers.
The J-Kernel core is written entirely in Java and relies on properties of the language, on custom class loaders, and on "on-the-fly" bytecode rewriting techniques to implement multiple protection domains. The core runs on Sun's VM as well as on Microsoft's.
More background information can also be found in our Usenix 98 paper. Some changes in the API have been made since the paper was published. In particular, what the paper called "protection domains" are now called "tasks", because the term "protection domain" is used by other systems with different meanings.