Inside Java™ 2 Platform Security - Li Gong

Inside Java™ 2 Platform Security

Architecture, API Design, and Implementation

(Autor)

Buch | Softcover
288 Seiten
1999
Addison Wesley (Verlag)
978-0-201-31000-9 (ISBN)
39,95 inkl. MwSt
zur Neuauflage
  • Titel erscheint in neuer Auflage
  • Artikel merken
Zu diesem Artikel existiert eine Nachauflage
Java 2 introduces a security model with new security techniques. It offers the developer a level of security that exceed earlier versions. Topics in this work include applied cryptology, seed generators and randomness, and features the Java authorization and authentication service.
"The book is of enormous consequence and potential value. The Java 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else." --Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum "Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book." --Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute Inside the Java 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java security architecture and describes security tools and techniques for successful implementation. This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture.
For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model. You will find detailed discussions on such specific topics as: *The original Java sandbox security model *The new Java 2 Platform permission hierarchy *How Java security supports the secure loading of classes *Java 2 access control mechanisms *Policy configuration *Digital certificates *Security tools, including Key Store and Jar Signer *Secure Java programming techniques *Ways to customize the Java security architecture with new permission types *How to move legacy security code onto the Java 2 Platform In addition, the book discusses techniques for preserving object security--such as signing, sealing, and guarding objects--and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods.
With this complete and authoritative guide, you will gain a deeper understanding into how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications. 0201310007B04062001

Li Gong is managing director of Sun Microsystems' Engineering and Research Institute in Beijing, China. Previously at Sun, he was engineering head of Java Security and Networking, Java Embedded Servers, and JXTA. He obtained B.S. and M.S. degrees from Tsinghua University, Beijing, and a Ph.D. from the University of Cambridge. He is associate editor-in-chief of IEEE Internet Computing.

Preface.


How This Book Is Organized.


Acknowledgments.


1. Computer and Network Security Fundamentals.


Cryptography versus Computer Security.



Threats and Protection.



Perimeter Defense.



Firewalls.



Inadequacies of Perimeter Defense Alone.



Access Control and Security Models.



MAC and DAC Models.



Access to Data and Information.



Static versus Dynamic Models.



Considerations Concerning the Use of Security Models.



Using Cryptography.



One-Way Hash Functions.



Symmetric Ciphers.



Asymmetric Ciphers.



Authentication.



Mobile Code.



Where Does Java Security Fit In.



2. Basic Security for the Java Language.


The Java Language and Platform.



Basic Security Architecture.



Bytecode Verification and Type Safety.



Signed Applets.



A Brief History of Security Bugs and Fixes.



3. JDK 1.2 Security Architecture.


From the Beginning.



Why a New Security Architecture.



Sandbox Restrictions on Applets Too Limiting.



Insufficient Separation Between Policy and Enforcement.



Security Checks Not Easily Extensible.



Locally Installed Applets Too Easily Trusted.



Internal Security Mechanisms Fragile.



Summary.



java.security.GeneralSecurityException.



Security Policy.



CodeSource.



Testing for Equality and Using Implication.



Permission Hierarchy.



java.security.Permission.



Permission Sets.



java.security.UnresolvedPermission.



java.io.FilePermission.



java.net.SocketPermission.



java.security.BasicPermission.



java.util.PropertyPermission.



java.lang.RuntimePermission.



java.awt.AWTPermission.



java.net.NetPermission.



java.lang.reflect.ReflectPermission.



java.io.SerializablePermission.



java.security.SecurityPermission.



java.security.AllPermission.



Implications of Permission Implications.



Assigning Permissions.



Positive versus Negative Permissions.



ProtectionDomain.



Securely Loading Classes.



Class Loader Hierarchy.



java.lang.ClassLoader and Delegation.



java.security.SecureClassLoader.



java.net.URLClassLoader.



Classpaths.



java.lang.SecurityManager.



Example Use of the Security Manager.



Unchanged APIs in JDK 1.2.



Deprecated Methods in JDK 1.2.



java.security.AccessController.



Interface Design of AccessController.



The Basic Access Control Algorithm.



Method Inheritance.



Extending the Basic Algorithm with Privileged Operations.



Three Types of Privileged Actions.



The Context of Access Control.



The Full Access Control Algorithm.



SecurityManager versus AccessController.



A Mini-History of Privileged Operations.



Summary and Lessons Learned.



4. Deploying the Security Architecture.


Installing JDK 1.2.



Policy Configuration.



Configuring System-Wide and User-Specific Policies.



Configuring Application-Specific Policies.



Configuring an Alternative Policy Class Implementation.



Default Policy File Format.



Policy File Examples.



Property Expansion in Policy Files.



Digital Certificates.



Helpful Security Tools.



Keystore Databases.



Keytool.



Policy Tool.



Jarsigner.



Code Signing Example.



Managing Security Policies for Nonexperts.



5. Customizing the Security Architecture.


Creating New Permission Types.



Composite Permissions.



Customizing Security Policy.



Migrating JDK 1.1-Based Security Managers.



JDK 1.1 Security Manager Classes.



Accommodating JDK 1.1 Security Managers on JDK 1.2.



Modifying JDK 1.1 Security Managers for JDK 1.2.



6. Object Security.


Security Exceptions.



Fields and Methods.



Static Fields.



Private Object State and Object Immutability.



Privileged Code.



Serialization.



Inner Classes.



Native Methods.



Signing Objects.



Sealing Objects.



Guarding Objects.



Examples of Using GuardedObject.



7. Programming Cryptography.


Design Principles.



Cryptographic Services and Service Providers.



Installing and Adding a Provider.



Cryptography Classes.



java.security.Security.



java.security.Provider.



java.security.MessageDigest.



java.security.Signature.



Algorithm Parameters.



java.security.Key and java.security.spec.KeySpec.



java.security.KeyFactory and java.security.cert.CertificateFactory.



KeyPair and KeyPairGenerator.



java.security.KeyStore.



Randomness and Seed Generators.



java.security.SecureRandom.



Code Examples.



Example 1: Computing a Message Digest.



Example 2: Generating a Public/Private Key Pair.



Example 3: Generating and Verifying Signatures.



Example 4: Reading a File That Contains Certificates.



Standard Names.



Message Digest Algorithms.



Key and Parameter Algorithms.



Digital Signature Algorithms.



Random Number Generation Algorithms.



Certificate Types.



Keystore Types.



Algorithm Specifications.



SHA-1 Message Digest Algorithm.



MD2 Message Digest Algorithm.



MD5 Message Digest Algorithm.



Digital Signature Algorithm.



RSA-Based Signature Algorithms.



DSA KeyPair Generation Algorithm.



RSA KeyPair Generation Algorithm.



DSA Parameter Generation Algorithm.



8. Future Directions.


Security Management.



JDK Feature Enhancement.



Java Authentication and Authorization Service.



Subjects and Principals.



Credentials.



Pluggable and Stacked Authentication.



Callbacks.



Access Control.



JAAS Implementation.



Conclusion.



Bibliography.


Index. 0201310007T04062001

Erscheint lt. Verlag 26.7.1999
Verlagsort Boston
Sprache englisch
Maße 188 x 235 mm
Gewicht 484 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Programmiersprachen / -werkzeuge Java
Informatik Theorie / Studium Kryptologie
Mathematik / Informatik Informatik Web / Internet
ISBN-10 0-201-31000-7 / 0201310007
ISBN-13 978-0-201-31000-9 / 9780201310009
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00