In order to debug or profile a virtual machine (VM), a communication channel is established from the external tool (e.g., the debugger or profiler) to the VM. Depending on the implemented protocol, sensitive data has to be transferred between the two processes. Typically the tool winds up gaining significant control over the target VM. This presents a security issue.
One possible solution would be to open a network connection (Transmission Control Protocol (TCP) socket) in conjunction with an additional security policy including a complex authentication process (e.g., Secure Sockets Layer (SSL)). This necessitates a very high protocol overhead and a lot of configuration.
For this reason, standard debugging protocols, such as Java Platform Debugger Architecture (JPDA), lack security restrictions. The VM simply opens a network port for the debugging client and it is up to the system administrator to somehow make sure that the open port on the machine is not misused by a hostile process, such as by configuring a firewall.