Inside Java? 2 Platform Security - Li Gong, Gary Ellison, Mary Dageforde

Inside Java? 2 Platform Security

Architecture, API Design, and Implementation
Buch | Softcover
384 Seiten
2003 | 2nd edition
Addison Wesley (Verlag)
978-0-201-78791-7 (ISBN)
41,65 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
Part of "The Java' Series", this is a guide to the Java security platform that provides a look into the central workings of the Java security architecture, and describes techniques for its successful implementation on a demanding network computing environment. It reviews the practices required to improve security without sacrificing functionality.
Series: The Java Series

Security is an integral part of the Java platform; all Java APIs are built on a solid security model. That model has always been stronger than the security of other platforms, never allowing for the proliferation of a large virus such as “Melissa” or “I Love You.” Now improved security and robust performance peacefully coexist.

This book provides a detailed look into the central workings of the Java security architecture, including coverage of the many v1.4 enhancements. This book reviews multiple security threats, such as Trojan horses and denial of service attacks, and the strategies used to combat them. Students will find a practical guide to the deployment of Java security, as well as tips on how to customize, extend, and refine the core security architecture. In addition, it touches on the evolution of Java security, from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2. The book even includes a list of 11 security bugs found in early versions of Java.

Li Gong is managing director of Sun Microsystems' Engineering and Research Institute in Beijing, China. Previously at Sun, he was engineering head of Java Security and Networking, Java Embedded Servers, and JXTA. He obtained B.S. and M.S. degrees from Tsinghua University, Beijing, and a Ph.D. from the University of Cambridge. He is associate editor-in-chief of IEEE Internet Computing. Gary Ellison is a senior staff engineer at Sun Microsystems, where he designs secure network computing platforms. From 1999 through 2002, he led the architecture, design, and implementation of the security and networking components of the Java 2 Platform, Standard Edition. He holds a B.Sc. in mathematics and physical science from The Ohio State University. Mary Dageforde is a freelance consultant who writes software documentation for various computer companies. She has an M.S. in computer science from Stanford University and a software design and development background. Since 1990, she has concentrated on documenting APIs, languages, tools, and systems.

Preface.


How This Book Is Organized.



Acknowledgements.



About the Authors.



Preface to the First Edition.


Computer and Network Security Fundamentals.


Cryptography versus Computer Security.



Threats and Protection.



Perimeter Defense



Access Control and Security Models.



Using Cryptography.



Authentication.



Mobile Code.



Where Java Technology-Based Security Fits In.



Basic Security for the Java Programming Language.


The Java Programming Language and Platform.



Original Basic Security Architecture.



Bytecode Verification and Type Safety.



Signed Applets.



Further Enhancements.



Java 2 Security Architecture.


Security Architecture Requirements of Java™ 2.



Overview of the Java 2 Security Architecture.



Architecture Summary.



Lessons Learned.



Secure Class Loading.


Class Files, Types, and Defining Class Loaders.



Well-Known Class Loader Instances.



Class Loader Hierarchies.



Loading Classes.



SecureClassLoader Details.



URLClassLoader Details.



Class Paths.



Elements of Security Policy.


Permissions.



Describing Code.



ProtectionDomain.



Security Policy.



Assigning Permissions.



Dynamic Security Policy.



Enforcing Security Policy.


SecurityManager.



AccessControlContext.



DomainCombiner.



AccessController.



Customizing Security Policy.


Customizing Security Policy Enforcement.



Customizing Security Policy Decisions.



Customizing the Access Control Context.



Establishing Trust.


Digital Certificates.



Establishing Trust with Certification Paths.



Establishing Trust in Signed Code.



User-Centric Authentication and Authorization using JAAS.



Distributed End-Entity Authentication.



Object Security.


Security Exceptions.



Fields and Methods.



Static Fields.



Private Object State and Object Immutability.



Privileged Code.



Serialization.



Inner Classes.



Native Methods.



Signing Objects.



Sealing Objects.



Guarding Objects.



Programming Cryptography.


Cryptographic Concepts.



Design Principles.



Cryptographic Services and Service Providers.



Core Cryptography Classes.



Additional Cryptography Classes.



Code Examples.



Standard Names.



Algorithm Specifications.



Network Security.


Java GSS-API.



JSSE.



Remote Method Invocation.



Deploying the Security Architecture.


Installing the Latest Java 2 Platform Software.



The Installation Directory.



Setting System and Security Properties.



Securing the Deployment.



Installing Provider Packages.



Policy Configuration.



JAAS Login Configuration Files.



Security Tools.



Other Platforms and Future Directions.


Introduction to Java Card.



Introduction to Java 2 Micro Edition.



Security Enhancements On the Horizon for J2SE.



Brief Introduction To Jini Network Technology.



Brief Introduction to J2EE.



Client Containers.



Final Remarks.



Bibliography.


Index. 0201787911T04082003

Erscheint lt. Verlag 5.6.2003
Verlagsort Boston
Sprache englisch
Maße 234 x 177 mm
Gewicht 585 g
Themenwelt Informatik Programmiersprachen / -werkzeuge Java
Mathematik / Informatik Informatik Web / Internet
ISBN-10 0-201-78791-1 / 0201787911
ISBN-13 978-0-201-78791-7 / 9780201787917
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
mit über 150 Workouts in Java und Python

von Luigi Lo Iacono; Stephan Wiefling; Michael Schneider

Buch (2023)
Carl Hanser (Verlag)
29,99
Einführung, Ausbildung, Praxis

von Christian Ullenboom

Buch | Hardcover (2023)
Rheinwerk (Verlag)
49,90