Guide to the Java security platform, covering security architecture, deployment, customization, and new developments. For all user levels. Softcover.
From the Back Cover
Inside Java™ 2 Platform Security , the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation on even the most demanding network computing environment.
While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats.
This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more.
Security fundamentals
Secure class loading
Specifying fine-grained security policy
Enforcing security policy with AccessController, SecurityManager, and more
Digital certificates, certification paths, signed code, JAAS, and other authentication measures
Java-based cryptography with code examples
JSSE, Java GSS-API, and RMI for network security
Previews of other platforms for security, including Java Card, J2ME and Jini
Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java™ 2 Platform Security, Second Edition, is an indispensable resource for all platform security needs.
The Java™ Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java™ 2 platform.
About the Author
Li Gong is managing director of Sun Microsystems' Engineering and Research Institute in Beijing, China. Previously at Sun, he was engineering head of Java Security and Networking, Java Embedded Servers, and JXTA. He obtained B.S. and M.S. degrees from Tsinghua University, Beijing, and a Ph.D. from the University of Cambridge. He is associate editor-in-chief of IEEE Internet Computing.
Gary Ellison is a senior staff engineer at Sun Microsystems, where he designs secure network computing platforms. From 1999 through 2002, he led the architecture, design, and implementation of the security and networking components of the Java 2 Platform, Standard Edition. He holds a B.Sc. in mathematics and physical science from The Ohio State University.
Mary Dageforde is a freelance consultant who writes software documentation for various computer companies. She has an M.S. in computer science from Stanford University and a software design and development background. Since 1990, she has concentrated on documenting APIs, languages, tools, and systems.
Inventing is a combination of brains and materials. The more brains you use, the less material you need. —Charles Kettering
The phrases "computer security," "network security," and "information security" conjure up various notions and precepts to a given audience. Some people tend to envision technical measures, such as cryptography, as the sole means by which security is attained. Other people recognize the limitations of various technical measures and treat them as tools that, when used in combination with other technical measures, can accomplish the task at hand. The distinction is subtle but important. The phrase "platform security" reflects a holistic view of security, suggesting that the foundation is secure and can be relied on as is or used as a secure subsystem to leverage when building larger systems. Building a secure platform is a very difficult and exacting task that historically has been accomplished only when security is a design requirement that is taken into consideration at the onset. The idea that security can be "bolted on" has proved frail and wrought with failure modes, which has led to a mulititude of security breaches.
Java technology is possibly the only general-purpose secure computing platform to become commercially successful. This would never have happened had the designers not taken security seriously from the start. The security properties of Java technology are many, and the Java platform builds on itself to create a reliable and secure platform. The Java 2 security model would be impossible to make trustworthy if it were not for the safety net provided by the Java language itself. The Java language specifies the semantics to ensure type safety and referential integrity and yet would fail miserably if it were not for the enforcement and assurances the Java virtual machine provides. Thus, from these various secure subsystems, we have created a greater whole.
The target audience of this book is varied. We believe this book will be a useful resource to those seeking a general understanding of the security foundation the Java 2 security architecture provides and relies on. The book should also prove particularily useful to software practitioners building enterprise-class applications that must meet varied security requirements, ranging from authentication to authorization to information protection. This book provides insight into some of the design trade-offs we made as we developed the platform and the lessons we have learned as we continue to evolve and enhance the platform. We provide guidance to those needing to customize the security model for their specific purposes. We describe the inflection points we designed into the platform to accommodate those rare but critical customizations. Most of the aforementioned topics are targeted to system developers, yet we recognize that security is not limited to the implementation of an application. Equally important is the deployment of the application. For deployers, we supply descriptions ranging from expressing security policy to hardening the installation of the runtime environment.
This book does not explain to any level of detail the Java programming language. We recommend the book by Arnold and Gosling 3 as a good starting point. Also, we do not cover the various security APIs in their entirety, and thus we refer the reader to the Java 2 SDK documentation. How This Book Is Organized
The text of this book is organized to cater to its various audiences. The first two chapters supply background information providing the basis for more specific topics covered in subsequent chapters. The reader need not be proficient in the Java language to understand these introductory chapters. Chapters 3 through 6 describe the Java 2 security architecture, starting with general concepts and ending with comprehensive coverage of security policy enforcement. Chapters 7 through 11 are targeted toward the enterprise application developer, covering topics ranging from trust establishment to cryptography and network security. For these chapters, Java language proficiency is assumed. Chapter 12 is directly targeted toward deployers, who should also read Chapter 8 for additional details about trust establishment. It is our belief that deployers need not be proficient in the Java language and that they can ignore the sections of Chapter 8 describing APIs.
The content of each chapter of this book is as follows:
Chapter 1: A general background on computer, network, and information security
Chapter 2: A review of the Java security models, starting with the original sandbox and progressing to the fine-grained access control model
Chapter 3: An in-depth look at the Java 2 security architecture, which is policy driven and capable of enforcing fine-grained access controls
Chapter 4: Detailed coverage of class loading, including a description of the class loader inheritance hierarchy and the runtime delegation hierarchy
Chapter 5: An explanation of the security classes that supply the foundation for the enforcement of security policy at runtime
Chapter 6: Thorough coverage of the policy enforcement classes and the design of the Java 2 security architecture access control algorithm
Chapter 7: An explanation of the customization points provided for systems programmers who need to enhance the core security architecture
Chapter 8: An outline of the trust establishment capabilities and mechanisms supplied by the security architecture
Chapter 9: A presentation of common pitfalls and defensive programming strategies
Chapter 10: Comprehensive coverage of the cryptography-related APIs
Chapter 11: An operational overview of the APIs used to secure network protocols, including those for authentication, confidentiality, and integrity protection
Chapter 12: A presentation of the deployment options that may be used to securely deploy the Java runtime and Java technology-based applications
Chapter 13: A look at the various Java technology platforms and a glance toward the future of Java security
Inventing is a combination of brains and materials. The more brains you use, the less material you need. —Charles Kettering
The phrases "computer security," "network security," and "information security" conjure up various notions and precepts to a given audience. Some people tend to envision technical measures, such as cryptography, as the sole means by which security is attained. Other people recognize the limitations of various technical measures and treat them as tools that, when used in combination with other technical measures, can accomplish the task at hand. The distinction is subtle but important. The phrase "platform security" reflects a holistic view of security, suggesting that the foundation is secure and can be relied on as is or used as a secure subsystem to leverage when building larger systems. Building a secure platform is a very difficult and exacting task that historically has been accomplished only when security is a design requirement that is taken into consideration at the onset. The idea that security can be "bolted on" has proved frail and wrought with failure modes, which has led to a mulititude of security breaches.
Java technology is possibly the only general-purpose secure computing platform to become commercially successful. This would never have happened had the designers not taken security seriously from the start. The security properties of Java technology are many, and the Java platform builds on itself to create a reliable and secure platform. The Java 2 security model would be impossible to make trustworthy if it were not for the safety net provided by the Java language itself. The Java language specifies the semantics to ensure type safety and referential integrity and yet would fail miserably if it were not for the enforcement and assurances the Java virtual machine provides. Thus, from these various secure subsystems, we have created a greater whole.
The target audience of this book is varied. We believe this book will be a useful resource to those seeking a general understanding of the security foundation the Java 2 security architecture provides and relies on. The book should also prove particularily useful to software practitioners building enterprise-class applications that must meet varied security requirements, ranging from authentication to authorization to information protection. This book provides insight into some of the design trade-offs we made as we developed the platform and the lessons we have learned as we continue to evolve and enhance the platform. We provide guidance to those needing to customize the security model for their specific purposes. We describe the inflection points we designed into the platform to accommodate those rare but critical customizations. Most of the aforementioned topics are targeted to system developers, yet we recognize that security is not limited to the implementation of an application. Equally important is the deployment of the application. For deployers, we supply descriptions ranging from expressing security policy to hardening the installation of the runtime environment.
This book does not explain to any level of detail the Java programming language. We recommend the book by Arnold and Gosling 3 as a good starting point. Also, we do not cover the various security APIs in their entirety, and thus we refer the reader to the Java 2 SDK documentation.
How This Book Is Organized
The text of this book is organized to cater to its various audiences. The first two chapters supply background information providing the basis for more specific topics covered in subsequent chapters. The reader need not be proficient in the Java language to understand these introductory chapters. Chapters 3 through 6 describe the Java 2 security architecture, starting with general concepts and ending with comprehensive coverage of security policy enforcement. Chapters 7 through 11 are targeted toward the enterprise application developer, covering topics ranging from trust establishment to cryptography and network security. For these chapters, Java language proficiency is assumed. Chapter 12 is directly targeted toward deployers, who should also read Chapter 8 for additional details about trust establishment. It is our belief that deployers need not be proficient in the Java language and that they can ignore the sections of Chapter 8 describing APIs.
The content of each chapter of this book is as follows:
Chapter 1: A general background on computer, network, and information security
Chapter 2: A review of the Java security models, starting with the original sandbox and progressing to the fine-grained access control model
Chapter 3: An in-depth look at the Java 2 security architecture, which is policy driven and capable of enforcing fine-grained access controls
Chapter 4: Detailed coverage of class loading, including a description of the class loader inheritance hierarchy and the runtime delegation hierarchy
Chapter 5: An explanation of the security classes that supply the foundation for the enforcement of security policy at runtime
Chapter 6: Thorough coverage of the policy enforcement classes and the design of the Java 2 security architecture access control algorithm
Chapter 7: An explanation of the customization points provided for systems programmers who need to enhance the core security architecture
Chapter 8: An outline of the trust establishment capabilities and mechanisms supplied by the security architecture
Chapter 9: A presentation of common pitfalls and defensive programming strategies
Chapter 10: Comprehensive coverage of the cryptography-related APIs
Chapter 11: An operational overview of the APIs used to secure network protocols, including those for authentication, confidentiality, and integrity protection
Chapter 12: A presentation of the deployment options that may be used to securely deploy the Java runtime and Java technology-based applications
Chapter 13: A look at the various Java technology platforms and a glance toward the future of Java security
Description:
Guide to the Java security platform, covering security architecture, deployment, customization, and new developments. For all user levels. Softcover.
From the Back Cover
Inside Java™ 2 Platform Security , the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation on even the most demanding network computing environment.
While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats.
This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more.
Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java™ 2 Platform Security, Second Edition, is an indispensable resource for all platform security needs.
The Java™ Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java™ 2 platform.
About the Author
Li Gong is managing director of Sun Microsystems' Engineering and Research Institute in Beijing, China. Previously at Sun, he was engineering head of Java Security and Networking, Java Embedded Servers, and JXTA. He obtained B.S. and M.S. degrees from Tsinghua University, Beijing, and a Ph.D. from the University of Cambridge. He is associate editor-in-chief of IEEE Internet Computing.
Gary Ellison is a senior staff engineer at Sun Microsystems, where he designs secure network computing platforms. From 1999 through 2002, he led the architecture, design, and implementation of the security and networking components of the Java 2 Platform, Standard Edition. He holds a B.Sc. in mathematics and physical science from The Ohio State University.
Mary Dageforde is a freelance consultant who writes software documentation for various computer companies. She has an M.S. in computer science from Stanford University and a software design and development background. Since 1990, she has concentrated on documenting APIs, languages, tools, and systems.
Excerpt. © Reprinted by permission. All rights reserved.
Inventing is a combination of brains and materials. The more brains you use, the less material you need.
—Charles Kettering
The phrases "computer security," "network security," and "information security" conjure up various notions and precepts to a given audience. Some people tend to envision technical measures, such as cryptography, as the sole means by which security is attained. Other people recognize the limitations of various technical measures and treat them as tools that, when used in combination with other technical measures, can accomplish the task at hand. The distinction is subtle but important. The phrase "platform security" reflects a holistic view of security, suggesting that the foundation is secure and can be relied on as is or used as a secure subsystem to leverage when building larger systems. Building a secure platform is a very difficult and exacting task that historically has been accomplished only when security is a design requirement that is taken into consideration at the onset. The idea that security can be "bolted on" has proved frail and wrought with failure modes, which has led to a mulititude of security breaches.
Java technology is possibly the only general-purpose secure computing platform to become commercially successful. This would never have happened had the designers not taken security seriously from the start. The security properties of Java technology are many, and the Java platform builds on itself to create a reliable and secure platform. The Java 2 security model would be impossible to make trustworthy if it were not for the safety net provided by the Java language itself. The Java language specifies the semantics to ensure type safety and referential integrity and yet would fail miserably if it were not for the enforcement and assurances the Java virtual machine provides. Thus, from these various secure subsystems, we have created a greater whole.
The target audience of this book is varied. We believe this book will be a useful resource to those seeking a general understanding of the security foundation the Java 2 security architecture provides and relies on. The book should also prove particularily useful to software practitioners building enterprise-class applications that must meet varied security requirements, ranging from authentication to authorization to information protection. This book provides insight into some of the design trade-offs we made as we developed the platform and the lessons we have learned as we continue to evolve and enhance the platform. We provide guidance to those needing to customize the security model for their specific purposes. We describe the inflection points we designed into the platform to accommodate those rare but critical customizations. Most of the aforementioned topics are targeted to system developers, yet we recognize that security is not limited to the implementation of an application. Equally important is the deployment of the application. For deployers, we supply descriptions ranging from expressing security policy to hardening the installation of the runtime environment.
This book does not explain to any level of detail the Java programming language. We recommend the book by Arnold and Gosling 3 as a good starting point. Also, we do not cover the various security APIs in their entirety, and thus we refer the reader to the Java 2 SDK documentation. How This Book Is Organized
The text of this book is organized to cater to its various audiences. The first two chapters supply background information providing the basis for more specific topics covered in subsequent chapters. The reader need not be proficient in the Java language to understand these introductory chapters. Chapters 3 through 6 describe the Java 2 security architecture, starting with general concepts and ending with comprehensive coverage of security policy enforcement. Chapters 7 through 11 are targeted toward the enterprise application developer, covering topics ranging from trust establishment to cryptography and network security. For these chapters, Java language proficiency is assumed. Chapter 12 is directly targeted toward deployers, who should also read Chapter 8 for additional details about trust establishment. It is our belief that deployers need not be proficient in the Java language and that they can ignore the sections of Chapter 8 describing APIs.
The content of each chapter of this book is as follows:
Chapter 1: A general background on computer, network, and information security
Chapter 2: A review of the Java security models, starting with the original sandbox and progressing to the fine-grained access control model
Chapter 3: An in-depth look at the Java 2 security architecture, which is policy driven and capable of enforcing fine-grained access controls
Chapter 4: Detailed coverage of class loading, including a description of the class loader inheritance hierarchy and the runtime delegation hierarchy
Chapter 5: An explanation of the security classes that supply the foundation for the enforcement of security policy at runtime
Chapter 6: Thorough coverage of the policy enforcement classes and the design of the Java 2 security architecture access control algorithm
Chapter 7: An explanation of the customization points provided for systems programmers who need to enhance the core security architecture
Chapter 8: An outline of the trust establishment capabilities and mechanisms supplied by the security architecture
Chapter 9: A presentation of common pitfalls and defensive programming strategies
Chapter 10: Comprehensive coverage of the cryptography-related APIs
Chapter 11: An operational overview of the APIs used to secure network protocols, including those for authentication, confidentiality, and integrity protection
Chapter 12: A presentation of the deployment options that may be used to securely deploy the Java runtime and Java technology-based applications
Chapter 13: A look at the various Java technology platforms and a glance toward the future of Java security
0201787911P05222003
Excerpt. © Reprinted by permission. All rights reserved.
Inventing is a combination of brains and materials. The more brains you use, the less material you need.
—Charles Kettering
The phrases "computer security," "network security," and "information security" conjure up various notions and precepts to a given audience. Some people tend to envision technical measures, such as cryptography, as the sole means by which security is attained. Other people recognize the limitations of various technical measures and treat them as tools that, when used in combination with other technical measures, can accomplish the task at hand. The distinction is subtle but important. The phrase "platform security" reflects a holistic view of security, suggesting that the foundation is secure and can be relied on as is or used as a secure subsystem to leverage when building larger systems. Building a secure platform is a very difficult and exacting task that historically has been accomplished only when security is a design requirement that is taken into consideration at the onset. The idea that security can be "bolted on" has proved frail and wrought with failure modes, which has led to a mulititude of security breaches.
Java technology is possibly the only general-purpose secure computing platform to become commercially successful. This would never have happened had the designers not taken security seriously from the start. The security properties of Java technology are many, and the Java platform builds on itself to create a reliable and secure platform. The Java 2 security model would be impossible to make trustworthy if it were not for the safety net provided by the Java language itself. The Java language specifies the semantics to ensure type safety and referential integrity and yet would fail miserably if it were not for the enforcement and assurances the Java virtual machine provides. Thus, from these various secure subsystems, we have created a greater whole.
The target audience of this book is varied. We believe this book will be a useful resource to those seeking a general understanding of the security foundation the Java 2 security architecture provides and relies on. The book should also prove particularily useful to software practitioners building enterprise-class applications that must meet varied security requirements, ranging from authentication to authorization to information protection. This book provides insight into some of the design trade-offs we made as we developed the platform and the lessons we have learned as we continue to evolve and enhance the platform. We provide guidance to those needing to customize the security model for their specific purposes. We describe the inflection points we designed into the platform to accommodate those rare but critical customizations. Most of the aforementioned topics are targeted to system developers, yet we recognize that security is not limited to the implementation of an application. Equally important is the deployment of the application. For deployers, we supply descriptions ranging from expressing security policy to hardening the installation of the runtime environment.
This book does not explain to any level of detail the Java programming language. We recommend the book by Arnold and Gosling 3 as a good starting point. Also, we do not cover the various security APIs in their entirety, and thus we refer the reader to the Java 2 SDK documentation.
How This Book Is Organized
The text of this book is organized to cater to its various audiences. The first two chapters supply background information providing the basis for more specific topics covered in subsequent chapters. The reader need not be proficient in the Java language to understand these introductory chapters. Chapters 3 through 6 describe the Java 2 security architecture, starting with general concepts and ending with comprehensive coverage of security policy enforcement. Chapters 7 through 11 are targeted toward the enterprise application developer, covering topics ranging from trust establishment to cryptography and network security. For these chapters, Java language proficiency is assumed. Chapter 12 is directly targeted toward deployers, who should also read Chapter 8 for additional details about trust establishment. It is our belief that deployers need not be proficient in the Java language and that they can ignore the sections of Chapter 8 describing APIs.
The content of each chapter of this book is as follows:
Chapter 1: A general background on computer, network, and information security
Chapter 2: A review of the Java security models, starting with the original sandbox and progressing to the fine-grained access control model
Chapter 3: An in-depth look at the Java 2 security architecture, which is policy driven and capable of enforcing fine-grained access controls
Chapter 4: Detailed coverage of class loading, including a description of the class loader inheritance hierarchy and the runtime delegation hierarchy
Chapter 5: An explanation of the security classes that supply the foundation for the enforcement of security policy at runtime
Chapter 6: Thorough coverage of the policy enforcement classes and the design of the Java 2 security architecture access control algorithm
Chapter 7: An explanation of the customization points provided for systems programmers who need to enhance the core security architecture
Chapter 8: An outline of the trust establishment capabilities and mechanisms supplied by the security architecture
Chapter 9: A presentation of common pitfalls and defensive programming strategies
Chapter 10: Comprehensive coverage of the cryptography-related APIs
Chapter 11: An operational overview of the APIs used to secure network protocols, including those for authentication, confidentiality, and integrity protection
Chapter 12: A presentation of the deployment options that may be used to securely deploy the Java runtime and Java technology-based applications
Chapter 13: A look at the various Java technology platforms and a glance toward the future of Java security
0201787911P05222003