===== 7.4 Security Exceptions =====

Instructions of the Java Card virtual machine throw an instance of the class SecurityException when a security violation has been detected. The Java Card virtual machine does not mandate the complete set of security violations that can or will result in an exception being thrown. However, there is a minimum set that must be supported. 

In the general case, any instruction that de-references an object reference must throw a SecurityException if the context ([[3.4_Contexts| Section 3.4, Contexts]]) in which the instruction is executing is different than the owning context ([[3.4_Contexts| Section 3.4, Contexts]]) of the referenced object. The list of instructions includes the instance field get and put instructions, the array load and store instructions, as well as the arraylength, invokeinterface, invokespecial, invokevirtual, checkcast, instanceof and athrow instructions. 

There are several exceptions to this general rule that allow cross-context use of objects or arrays. These exceptions are detailed in Chapter 6 of the **//Runtime Environment Specification for the Java Card Platform, Version 2.2.2//**. An important detail to note is that any cross-context method invocation will result in a context switch ([[3.4_Contexts| Section 3.4, Contexts]]). 

The Java Card virtual machine may also throw a **SecurityException** if an instruction violates any of the static constraints of [[6._The_CAP_File_Format| Chapter 6]], "The CAP File Format". The **//Virtual Machine Specification for the Java Card Platform, Version 2.2.2//** does not mandate which instructions must implement these additional security checks, or to what level. Therefore, a **SecurityException** may be thrown at any time during the operation of the Java Card virtual machine.