This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.
Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.
A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan
From the Inside Flap
Give me a lever and a fulcrum, and I can move the globe. --Archimedes
Since Java technology's inception, and especially its public debut in the spring of 1995, strong and growing interest has developed regarding the security of the Java platform, as well as new security issues raised by the deployment of Java technology. This level of attention to security is a fairly new phenomenon in computing history. Most new computing technologies tend to ignore security considerations when they emerge initially, and most are never made more secure thereafter. Attempts made to do so typically are not very successful, as it is now well known that retrofitting security is usually very difficult, if not impossible, and often causes backward compatibility problems. Thus it is extremely fortunate that when Java technology burst on the Internet scene, security was one of its primary design goals. Its initial security model, although very simplistic, served as a great starting place, an Archimedean fulcrum. The engineering talents and strong management team at JavaSoft are the lever; together they made Java's extensive security architecture a reality.
From a technology provider's point of view, security on the Java platform focuses on two aspects. The first is to provide the Java platform, primarily through the Java Development Kit, as a secure, platform on which to run Java-enabled applications in a secure fashion. The second is to provide security tools and services implemented in the Java programming language that enable a wider range of security-sensitive applications, for example, in the enterprise world.
I wrote this book with many purposes in mind. First, I wanted to equip the reader with a brief but clear understanding of the overall picture of systems and network security, especially in the context of the Internet environment within which Java technology plays a central role, and how various security technologies relate to each other.
Second, I wanted to provide a comprehensive description of the current security architecture on the Java platform. This includes language features, platform APIs, security policies, and their enforcement mechanisms. Whenever appropriate, I discuss not only how a feature functions, but also why it is designed in such a way and the alternative approaches that we--the Java security development team at Sun Microsystems--examined and rejected. When demonstrating the use of a class or its methods, I use real-world code examples whenever appropriate. Some of these examples are synthesized from the JDK 1.2 code source tree.
Third, I sought to tell the reader about security deployment issues, both how an individual or an enterprise manages security and how to customize, extend, and enrich the existing security architecture. Finally, I wanted to help developers avoid programming errors by discussing a number of common mistakes and by providing tips for safe programming that can be immediately applied to ongoing projects. How This Book Is Organized
This book is organized as follows: Chapter 1. A general background on computer, network, and information security Chapter 2. A review of the original Java security model, the sandbox Chapter 3. An in-depth look at the new security architecture in JDK 1.2, which is policy-driven and capable of enforcing fine-grained access controls Chapter 4. An explanation of how to deploy and utilize the new security features in JDK 1.2, including security policy management, digital certificates, and various security tools Chapter 5. A demonstration of how to customize various aspects of the security architecture, including how to move legacy security code onto the JDK 1.2 platform Chapter 6. A review of techniques to make objects secure and tips for safe programming Chapter 7. An outline of the Java cryptography architecture along with usage examples Chapter 8. A look ahead to future directions for Java security
This book is primarily for serious Java programmers and for security professionals who want to understand Java security issues both from a macro (architectural) point of view as well as from a micro (design and implementation) perspective. It is also suitable for nonexperts who are concerned about Internet security as a whole, as this book clears up a number of misconceptions around Java security.
Throughout this book, I assume that the reader is familiar with the fundamentals of the Java language. For those who want to learn more about that language, the book by Arnold and Gosling is a good source. This book is not a complete API specification. For such details, please refer to JDK 1.2 documentation. Acknowledgments
It is a cliche to say that writing a book is not possible without the help of many others, but it is true. I am very grateful to Dick Neiss, my manager at JavaSoft, who encouraged me to write the book and regularly checked on my progress. Lisa Friendly, the Addison-Wesley Java series editor, helped by guiding me through the writing process while maintaining a constant but "friendly" pressure. The team at Addison-Wesley was tremendously helpful. I'd like particularly to thank Mike Hendrickson, Katherine Kwack, Marina Lang, Laura Michaels, Marty Rabinowitz, and Tracy Russ. They are always encouraging, kept faith in me, and rescued me whenever I encountered obstacles.
This book is centered around JDK 1.2 security development, a project that lasted fully two years, during which many people inside and outside of Sun Microsystems contributed in one way or another to the design, implementation, testing, and documentation of the final product. I would like to acknowledge Dirk Balfanz, Bob Blakley, Josh Bloch, David Bowen, Gilad Bracha, David Brownell, Eric Chu, David Connelly, Mary Dageforde, Drew Dean, Satya Dodda, Michal Geva, Gadi Guy, Graham Hamilton, Mimi Hills, Larry Koved, Charlie Lai, Sheng Liang, Tim Lindholm, Jan Luehe, Gary McGraw, Marianne Mueller, Tony Nadalin, Don Neal, Jeff Nisewanger, Yu-Ching Peng, Hemma Prafullchandra, Benjamin Renaud, Roger Riggs, Jim Roskind, Nakul Saraiya, Roland Schemers, Bill Shannon, Tom van Vleck, Dan Wallach, and Frank Yellin. I also appreciate the technical guidance from James Gosling and Jim Mitchell, as well as management support from Dick Neiss, Jon Kannegaard, and Alan Baratz. I have had the pleasure of chairing the Java Security Advisory Council, and I thank the external members, Ed Felten, Peter Neumann, Jerome Saltzer, Fred Schneider, and Michael Schroeder for their participation and superb insights into all matters that relate to computer security.
Isabel Cho, Lisa Friendly, Charlie Lai, Jan Luehe, Teresa Lunt, Laura Michaels, Stephen Northcutt, Peter Neumann, and a number of anonymous reviewers provided valuable comments on draft versions of this book.
G. H. Hardy once said that young men should prove theorems, while old men should write books. It is now time to prove some more theorems. Li Gong
Los Altos, California
June 1999 0201310007P04062001