Inside Java(TM) 2 Platform Security : Architecture, API Design, and Implementation / Edition 1

Inside Java(TM) 2 Platform Security : Architecture, API Design, and Implementation / Edition 1

by Li Gong
     
 

ISBN-10: 0201310007

ISBN-13: 9780201310009

Pub. Date: 06/10/1999

Publisher: Addison-Wesley

"The book is of enormous consequence and potential value. The Java 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else."
—Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum

See more details below

Overview

"The book is of enormous consequence and potential value. The Java 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else."

—Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum

"Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book."

—Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute

Inside the Java 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java security architecture and describes security tools and techniques for successful implementation.

This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model.

You will find detailed discussions on such specific topics as:

  • The original Java sandbox security model
  • The new Java 2 Platform permission hierarchy
  • How Java security supports the secure loading of classes
  • Java 2 access controlmechanisms
  • Policy configuration
  • Digital certificates
  • Security tools, including Key Store and Jar Signer
  • Secure Java programming techniques
  • Ways to customize the Java security architecture with new permission types
  • How to move legacy security code onto the Java 2 Platform

In addition, the book discusses techniques for preserving object security—such as signing, sealing, and guarding objects—and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods.

With this complete and authoritative guide, you will gain a deeper understanding into how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications.



Product Details

ISBN-13:
9780201310009
Publisher:
Addison-Wesley
Publication date:
06/10/1999
Series:
Addison-Wesley Java Series
Pages:
288
Product dimensions:
7.39(w) x 9.25(h) x 0.54(d)

Table of Contents

Preface xi
How This Book Is Organized xii
Acknowledgments xiii
Computer and Network Security Fundamentals
1(20)
Cryptography versus Computer Security
2(1)
Threats and Protection
3(1)
Perimeter Defense
4(3)
Firewalls
6(1)
Inadequacies of Perimeter Defense Alone
6(1)
Access Control and Security Models
7(4)
MAC and DAC Models
7(1)
Access to Data and Information
8(1)
Static versus Dynamic Models
9(1)
Considerations Concerning the Use of Security Models
10(1)
Using Cryptography
11(4)
One-Way Hash Functions
12(1)
Symmetric Ciphers
13(1)
Asymmetric Ciphers
14(1)
Authentication
15(2)
Mobile Code
17(1)
Where Does Java Security Fit In
18(3)
Basic Security for the Java Language
21(12)
The Java Language and Platform
22(1)
Basic Security Architecture
23(2)
Bytecode Verification and Type Safety
25(2)
Signed Applets
27(1)
A Brief History of Security Bugs and Fixes
28(5)
JDK 1.2 Security Architecture
33(80)
From the Beginning
33(1)
Why a New Security Architecture
34(3)
Sandbox Restrictions on Applets Too Limiting
34(1)
Insufficient Separation Between Policy and Enforcement
35(1)
Security Checks Not Easily Extensible
35(1)
Locally Installed Applets Too Easily Trusted
36(1)
Internal Security Mechanisms Fragile
36(1)
Summary
37(1)
Java. security. General Security Exception
37(1)
Security Policy
38(3)
Code Source
41(4)
Testing for Equality and Using Implication
43(2)
Permission Hierarchy
45(21)
Java. Security. Permission
46(2)
Permission Sets
48(2)
Java. Security. Unresolved Permission
50(2)
Java. io. File Permission
52(3)
Jave. net. Socket Permission
55(4)
Java. security. Basic Permission
59(1)
Java. util. Property Permission
59(2)
Java. lang. Runtime Permission
61(1)
Java. awt. AWT Permission
62(1)
Java. net. Net Permission
63(1)
Java. lang. reflect. Reflect Permission
63(1)
Java. io. Serializable Permission
64(1)
Java. Security. Security Permission
64(1)
Java. security. All Permission
65(1)
Implications of Permission Implications
66(1)
Assigning Permissions
66(3)
Positive versus Negative Permissions
68(1)
ProtectionDomain
69(2)
Securely Loading Classes
71(12)
Class Loader Hierarchy
72(2)
Java. lang.Class Loader and Delegation
74(5)
Java. Security. Secure Class Loader
79(1)
Java. net. URL Class Loader
80(1)
Classpaths
81(2)
Java. lang. SecurityManager
83(7)
Example Use of the Security Manager
83(1)
Unchanged APIs in JDK 1.2
84(1)
Deprecated Methods in JDK 1.2
85(5)
Java. security. AccessController
90(16)
Interface Design of Access Controller
91(1)
The Basic Access Control Algorithm
92(2)
Method Inheritance
94(1)
Extending the Basic Algorithm with Privilged Operations
95(3)
Three Types of Privileged Actions
98(3)
The Context of Access Control
101(1)
The Full Access Control Algorithm
102(2)
SecurityManager versus AccessController
104(1)
A Mini-History of Privileged Operations
105(1)
Summary and Lessons Learned
106(7)
Deploying the Security Architecture
113(40)
Installing JDK 1.2
113(2)
Policy Configuration
115(10)
Configuring System-Wide and User-Specific Policies
115(1)
Configuring Application-Specific Policies
116(1)
Configuring an Alternative Policy Class Implementation
117(1)
Default Policy File Format
118(4)
Policy File Examples
122(1)
Property Expansion in Policy Files
123(2)
Digital Certificates
125(5)
Helpful Security Tools
130(20)
Keystore Databases
130(3)
Keytool
133(6)
Policy Tool
139(4)
Jarsigner
143(5)
Code Signing Example
148(2)
Managing Security Policies for Nonexperts
150(3)
Customizing the Security Architecture
153(20)
Creating New Permission Types
153(2)
Composite Permissions
155(1)
Customizing Security Policy
156(2)
Migrating JDK 1.1-Based Security Managers
158(15)
JDK 1.1 SEcurity Manager Classes
158(2)
Accommodating JDK 1.1 Security Managers on JDK 1.2
160(3)
Modifying JDK 1.1 Security Managers for JDK 1.2
163(10)
Object Security
173(18)
Security Exceptions
173(1)
Fields and Methods
174(2)
Static Fields
176(1)
Private Object State and Object Immutability
176(2)
Privileged Code
178(1)
Serialization
179(2)
Inner Classes
181(1)
Native Methods
182(1)
Signing Objects
182(3)
Sealing Objects
185(1)
Guarding Objects
186(5)
Examples of Using GuardedObject
188(3)
Programming Cryptography
191(38)
Design Principles
192(1)
Cryptographic Services and Service Providers
193(6)
Installing and Adding a Provider
197(2)
Cryptography Classes
199(16)
java. security. Security
199(1)
java. security. Provider
200(1)
java. Security. Message Digest
200(1)
java.security. Signature
201(3)
Algorithm Parameters
204(3)
java. security. Key and java. security. spec. Key Spec
207(3)
java. security. Key Factory and java. security. cert. Certificate Factory
210(2)
Key Pair and Key Pair Generator
212(2)
java. security. Key Store
214(1)
Randomness and Seed Generators
215(2)
java. security. Secure Random
216(1)
Code Examples
217(5)
Example 1: Computing a Message Digest
217(1)
Example 2: Generating a Public/Private Key Pair
218(1)
Example 3: Generating and Verifying Signatures
219(2)
Example 4: Reading a File That Contains Certificates
221(1)
Standard Names
222(2)
Message Digest Algorithms
222(1)
Key and Parameter Algorithms
222(1)
Digital Signature Algorithms
223(1)
Random Number Generation Algorithms
223(1)
Certificate Types
224(1)
Keystore Types
224(1)
Algorithm Specifications
224(5)
SHA-1 Message Digest Algorithm
225(1)
MD2 Message Digest Algorithm
225(1)
MD5 Message Digest Algorithm
225(1)
Digital Signature Algorithm
225(1)
RSA-Based Signature Algorithms
225(1)
DSA-Key Pair Generation Algorithm
226(1)
RSA Key Pair Generation Algorithm
227(1)
DSA Parameter Generation Algorithm
227(2)
Future Directions
229(16)
Security Management
229(1)
JDK Feature Enhancement
230(2)
Java Authentication and Authorization Service
232(10)
Subjects and Principals
234(1)
Credentials
234(1)
Pluggable and Stacked Authentication
235(4)
Callbacks
239(10)
Access Control
249
JAAS Implementation
241(1)
Conclusion
242(3)
Bibliography 245(6)
Index 251

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >