Sunday, July 4, 2010

Java Security 2nd Edition

The second edition focuses on the platform features of Java that provide security (the class loader, bytecode verifier, and security manager) and on the more recent additions to Java that extend this security model: digital signatures, security providers, and the access controller. The book covers in depth the security model of Java 2, version 1.3, including the two new security APIs, JAAS and JSSE.

Table of Contents
Preface.................................................................................................................................................................1
Who Should Read This Book?.................................................................................................................1
Versions Used in This Book....................................................................................................................2
Conventions Used in This Book..............................................................................................................2
Organization of This Book.......................................................................................................................3
What's New in This Edition.....................................................................................................................5
How to Contact Us..................................................................................................................................5
Acknowledgments...................................................................................................................................6
Feedback for the Author.........................................................................................................................6
Chapter 1. Java Application Security...............................................................................................................7
1.1 What Is Security?..............................................................................................................................7
1.2 Software Used in This Book..............................................................................................................9
1.3 The Java Sandbox...........................................................................................................................14
1.4 Security Debugging........................................................................................................................17
1.5 Summary.........................................................................................................................................19
Chapter 2. The Default Sandbox.....................................................................................................................21
2.1 Elements of the Java Sandbox.........................................................................................................21
2.2 Permissions.....................................................................................................................................22
2.3 Keystores.........................................................................................................................................32
2.4 Code Sources..................................................................................................................................33
2.5 Policy Files.....................................................................................................................................33
2.6 The Default Sandbox.......................................................................................................................37
2.7 The java.security File.......................................................................................................................39
2.8 Comparison with Previous Releases................................................................................................40
2.9 Summary.........................................................................................................................................40
Chapter 3. Java Language Security................................................................................................................41
3.1 Java Language Security Constructs.................................................................................................41
3.2 Enforcement of the Java Language Rules........................................................................................46
3.3 Comparisons with Previous Releases..............................................................................................50
3.4 Summary.........................................................................................................................................51
Chapter 4. The Security Manager...................................................................................................................53
4.1 Overview of the Security Manager..................................................................................................53
4.2 Operating on the Security Manager.................................................................................................57
4.3 Methods of the Security Manager....................................................................................................58
4.4 Comparison with Previous Releases................................................................................................73
4.5 Summary.........................................................................................................................................74
Chapter 5. The Access Controller...................................................................................................................77
5.1 The CodeSource Class.....................................................................................................................77
5.2 Permissions.....................................................................................................................................78
5.3 The Policy Class.............................................................................................................................87
5.4 Protection Domains.........................................................................................................................90
5.5 The AccessController Class.............................................................................................................91
5.6 Guarded Objects..............................................................................................................................96
5.7 Comparison with Previous Releases................................................................................................97
5.8 Summary.........................................................................................................................................97
Chapter 6. Java Class Loaders........................................................................................................................99
6.1 The Class Loader and Namespaces..................................................................................................99
6.2 Class Loading Architecture............................................................................................................101
6.3 Implementing a Class Loader........................................................................................................102
6.4 Miscellaneous Class Loading Topics.............................................................................................110
6.5 Comparison with Previous Releases..............................................................................................112
6.6 Summary.......................................................................................................................................112
Chapter 7. Introduction to Cryptography....................................................................................................113
7.1 The Need for Authentication.........................................................................................................113
7.2 The Role of Authentication............................................................................................................117
7.3 Cryptographic Engines...................................................................................................................118
7.4 Summary.......................................................................................................................................122
Chapter 8. Security Providers......................................................................................................................123
8.1 The Architecture of Security Providers.........................................................................................123
8.2 The Provider Class.........................................................................................................................127
8.3 The Security Class.........................................................................................................................132
8.4 The Architecture of Engine Classes...............................................................................................137
8.5 Comparison with Previous Releases..............................................................................................137
8.6 Summary.......................................................................................................................................138
Chapter 9. Keys and Certificates...................................................................................................................139
9.1 Keys..............................................................................................................................................140
9.2 Generating Keys............................................................................................................................143
9.3 Key Factories................................................................................................................................151
9.4 Certificates....................................................................................................................................160
9.5 Keys, Certificates, and Object Serialization..................................................................................171
9.6 Comparison with Previous Releases..............................................................................................172
9.7 Summary.......................................................................................................................................172
Chapter 10. Key Management......................................................................................................................175
10.1 Key Management Terms..............................................................................................................175
10.2 The keytool.................................................................................................................................178
10.3 The Key Management API..........................................................................................................188
10.4 A Key Management Example......................................................................................................194
10.5 Secret Key Management..............................................................................................................199
10.6 Comparison with Previous Releases............................................................................................205
10.7 Summary.....................................................................................................................................206
Chapter 11. Message Digests.........................................................................................................................207
11.1 Using the Message Digest Class..................................................................................................207
11.2 Secure Message Digests...............................................................................................................210
11.3 Message Digest Streams..............................................................................................................212
11.4 Implementing a MessageDigest Class.........................................................................................216
11.5 Comparison with Previous Releases............................................................................................219
11.6 Summary.....................................................................................................................................219
Chapter 12. Digital Signatures......................................................................................................................221
12.1 The Signature Class.....................................................................................................................221
12.2 Signed Classes............................................................................................................................230
12.3 Implementing a Signature Class..................................................................................................237
12.4 Comparison with Previous Releases............................................................................................241
12.5 Summary.....................................................................................................................................241
Chapter 13. Cipher-Based Encryption.........................................................................................................243
13.1 The Cipher Engine.......................................................................................................................243
13.2 Cipher Streams............................................................................................................................256
13.3 Sealed Objects.............................................................................................................................259
13.4 Comparison with Previous Releases............................................................................................260
13.5 Summary.....................................................................................................................................260
Chapter 14. SSL and HTTPS.........................................................................................................................261
14.1 An Overview of SSL and JSSE...................................................................................................261
14.2 SSL Client and Server Sockets....................................................................................................268
14.3 SSL Sessions...............................................................................................................................271
14.4 SSL Contexts and Key Managers................................................................................................273
14.5 Miscellaneous SSL Issues............................................................................................................281
14.6 The HTTPS Protocol Handler......................................................................................................286
14.7 Debugging JSSE..........................................................................................................................289
14.8 Summary.....................................................................................................................................290
Chapter 15. Authentication and Authorization...........................................................................................291
15.1 JAAS Overview..........................................................................................................................291
15.2 Simple JAAS Programming.........................................................................................................293
15.3 Simple JAAS Administration......................................................................................................296
15.4 Advanced JAAS Topics...............................................................................................................303
15.5 Summary.....................................................................................................................................316
Appendix A. The java.security File...............................................................................................................317
Appendix B. Security Resources....................................................................................................................321
B.1 Security Bugs...............................................................................................................................321
B.2 Third-Party Security Providers.....................................................................................................325
B.3 Security References......................................................................................................................327
Appendix C. Identity-Based Key Management...........................................................................................329
C.1 Javakey.........................................................................................................................................329
C.2 Identities.......................................................................................................................................333
C.3 Identity Scopes.............................................................................................................................338
C.4 Key Management in an Identity Scope.........................................................................................344
C.5 Summary......................................................................................................................................351
Appendix D. The Secure Java Container.....................................................................................................353
D.1 The 1.1-Based Class Loader........................................................................................................353
D.2 The 1.1-Based Security Manager.................................................................................................358
D.3 Running Secure Applications........................................................................................................375
D.4 Summary......................................................................................................................................377
Appendix E. Implementing a JCE Security Provider.................................................................................379
Appendix F. Quick Reference.......................................................................................................................385
F.1 Package java.security.....................................................................................................................385
F.2 Package java.security.cert..............................................................................................................411
F.3 Package java.security.interfaces....................................................................................................416
F.4 Package java.security.spec.............................................................................................................420
F.5 Package javax.crypto.....................................................................................................................425
F.6 Package javax.crypto.interfaces.....................................................................................................435
F.7 Package javax.crypto.spec.............................................................................................................436
F.8 Package javax.net..........................................................................................................................442
F.9 Package javax.net.ssl.....................................................................................................................443
F.10 Package javax.security.auth.........................................................................................................448
F.11 Package javax.security.auth.callback..........................................................................................452
F.12 Package javax.security.auth.login................................................................................................456
F.13 Package javax.security.auth.spi...................................................................................................458
F.14 Package javax.security.cert..........................................................................................................458
F.15 Package com.sun.net.ssl..............................................................................................................460
F.16 Package com.sun.security.auth....................................................................................................466
F.17 Package com.sun.security.auth.login...........................................................................................472
F.18 Package com.sun.security.auth.module.......................................................................................472
F.19 Miscellaneous Packages..............................................................................................................474
