Sunday, July 4, 2010
Java Security 2nd Edition
The second edition focuses on the platform features of Java that provide security--the class loader, bytecode verifier, and security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers in depth the security model of Java 2, version 1.3, including the two new security APIs: JAAS and JSSE.
Table of Contents
Preface
Who Should Read This Book?
Versions Used in This Book
Conventions Used in This Book
Organization of This Book
What's New in This Edition
How to Contact Us
Acknowledgments
Feedback for the Author
Chapter 1. Java Application Security
1.1 What Is Security?
1.2 Software Used in This Book
1.3 The Java Sandbox
1.4 Security Debugging
1.5 Summary
Chapter 2. The Default Sandbox
2.1 Elements of the Java Sandbox
2.2 Permissions
2.3 Keystores
2.4 Code Sources
2.5 Policy Files
2.6 The Default Sandbox
2.7 The java.security File
2.8 Comparison with Previous Releases
2.9 Summary
Chapter 3. Java Language Security
3.1 Java Language Security Constructs
3.2 Enforcement of the Java Language Rules
3.3 Comparisons with Previous Releases
3.4 Summary
Chapter 4. The Security Manager
4.1 Overview of the Security Manager
4.2 Operating on the Security Manager
4.3 Methods of the Security Manager
4.4 Comparison with Previous Releases
4.5 Summary
Chapter 5. The Access Controller
5.1 The CodeSource Class
5.2 Permissions
5.3 The Policy Class
5.4 Protection Domains
5.5 The AccessController Class
5.6 Guarded Objects
5.7 Comparison with Previous Releases
5.8 Summary
Chapter 6. Java Class Loaders
6.1 The Class Loader and Namespaces
6.2 Class Loading Architecture
6.3 Implementing a Class Loader
6.4 Miscellaneous Class Loading Topics
6.5 Comparison with Previous Releases
6.6 Summary
Chapter 7. Introduction to Cryptography
7.1 The Need for Authentication
7.2 The Role of Authentication
7.3 Cryptographic Engines
7.4 Summary
Chapter 8. Security Providers
8.1 The Architecture of Security Providers
8.2 The Provider Class
8.3 The Security Class
8.4 The Architecture of Engine Classes
8.5 Comparison with Previous Releases
8.6 Summary
Chapter 9. Keys and Certificates
9.1 Keys
9.2 Generating Keys
9.3 Key Factories
9.4 Certificates
9.5 Keys, Certificates, and Object Serialization
9.6 Comparison with Previous Releases
9.7 Summary
Chapter 10. Key Management
10.1 Key Management Terms
10.2 The keytool
10.3 The Key Management API
10.4 A Key Management Example
10.5 Secret Key Management
10.6 Comparison with Previous Releases
10.7 Summary
Chapter 11. Message Digests
11.1 Using the Message Digest Class
11.2 Secure Message Digests
11.3 Message Digest Streams
11.4 Implementing a MessageDigest Class
11.5 Comparison with Previous Releases
11.6 Summary
Chapter 12. Digital Signatures
12.1 The Signature Class
12.2 Signed Classes
12.3 Implementing a Signature Class
12.4 Comparison with Previous Releases
12.5 Summary
Chapter 13. Cipher-Based Encryption
13.1 The Cipher Engine
13.2 Cipher Streams
13.3 Sealed Objects
13.4 Comparison with Previous Releases
13.5 Summary
Chapter 14. SSL and HTTPS
14.1 An Overview of SSL and JSSE
14.2 SSL Client and Server Sockets
14.3 SSL Sessions
14.4 SSL Contexts and Key Managers
14.5 Miscellaneous SSL Issues
14.6 The HTTPS Protocol Handler
14.7 Debugging JSSE
14.8 Summary
Chapter 15. Authentication and Authorization
15.1 JAAS Overview
15.2 Simple JAAS programming
15.3 Simple JAAS Administration
15.4 Advanced JAAS Topics
15.5 Summary
Appendix A. The java.security File
Appendix B. Security Resources
B.1 Security Bugs
B.2 Third-Party Security Providers
B.3 Security References
Appendix C. Identity-Based Key Management
C.1 Javakey
C.2 Identities
C.3 Identity Scopes
C.4 Key Management in an Identity Scope
C.5 Summary
Appendix D. The Secure Java Container
D.1 The 1.1-Based Class Loader
D.2 The 1.1-Based Security Manager
D.3 Running Secure Applications
D.4 Summary
Appendix E. Implementing a JCE Security Provider
Appendix F. Quick Reference
F.1 Package java.security
F.2 Package java.security.cert
F.3 Package java.security.interfaces
F.4 Package java.security.spec
F.5 Package javax.crypto
F.6 Package javax.crypto.interfaces
F.7 Package javax.crypto.spec
F.8 Package javax.net
F.9 Package javax.net.ssl
F.10 Package javax.security.auth
F.11 Package javax.security.auth.callback
F.12 Package javax.security.auth.login
F.13 Package javax.security.auth.spi
F.14 Package javax.security.cert
F.15 Package com.sun.net.ssl
F.16 Package com.sun.security.auth
F.17 Package com.sun.security.auth.login
F.18 Package com.sun.security.auth.module
F.19 Miscellaneous Packages