My Account
Log in Registration
All
Cart
Highlights
Fiction Books
Non-Fiction Books
Children's Books
Rare Books
Music
DVD & Blu-Ray
Video Games
Category
Wishlists
Cart
All
Free Shipping in Australia
Trustpilot
Proud to be B-Corp

Inside Java (TM) 2 Platform Security Li Gong

Inside Java (TM) 2 Platform Security By Li Gong

Inside Java (TM) 2 Platform Security by Li Gong

Reviews:
Condition - Very Good
Out of stock
Very Good

Summary

Java 2 introduces a security model with new security techniques. It offers the developer a level of security that exceed earlier versions. Topics in this work include applied cryptology, seed generators and randomness, and features the Java authorization and authentication service.

Inside Java (TM) 2 Platform Security Summary

Inside Java (TM) 2 Platform Security: Architecture, API Design, and Implementation by Li Gong

The book is of enormous consequence and potential value. The Java 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else. --Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book. --Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute Inside the Java 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java security architecture and describes security tools and techniques for successful implementation. This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model. You will find detailed discussions on such specific topics as: *The original Java sandbox security model *The new Java 2 Platform permission hierarchy *How Java security supports the secure loading of classes *Java 2 access control mechanisms *Policy configuration *Digital certificates *Security tools, including Key Store and Jar Signer *Secure Java programming techniques *Ways to customize the Java security architecture with new permission types *How to move legacy security code onto the Java 2 Platform In addition, the book discusses techniques for preserving object security--such as signing, sealing, and guarding objects--and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods. With this complete and authoritative guide, you will gain a deeper understanding into how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications. 0201310007B04062001

About Li Gong

Li Gong is managing director of Sun Microsystems' Engineering and Research Institute in Beijing, China. Previously at Sun, he was engineering head of Java Security and Networking, Java Embedded Servers, and JXTA. He obtained B.S. and M.S. degrees from Tsinghua University, Beijing, and a Ph.D. from the University of Cambridge. He is associate editor-in-chief of IEEE Internet Computing.

Table of Contents



Preface.


How This Book Is Organized.


Acknowledgments.


1. Computer and Network Security Fundamentals.

Cryptography versus Computer Security.

Threats and Protection.

Perimeter Defense.

Firewalls.

Inadequacies of Perimeter Defense Alone.

Access Control and Security Models.

MAC and DAC Models.

Access to Data and Information.

Static versus Dynamic Models.

Considerations Concerning the Use of Security Models.

Using Cryptography.

One-Way Hash Functions.

Symmetric Ciphers.

Asymmetric Ciphers.

Authentication.

Mobile Code.

Where Does Java Security Fit In.



2. Basic Security for the Java Language.

The Java Language and Platform.

Basic Security Architecture.

Bytecode Verification and Type Safety.

Signed Applets.

A Brief History of Security Bugs and Fixes.



3. JDK 1.2 Security Architecture.

From the Beginning.

Why a New Security Architecture.

Sandbox Restrictions on Applets Too Limiting.

Insufficient Separation Between Policy and Enforcement.

Security Checks Not Easily Extensible.

Locally Installed Applets Too Easily Trusted.

Internal Security Mechanisms Fragile.

Summary.

java.security.GeneralSecurityException.

Security Policy.

CodeSource.

Testing for Equality and Using Implication.

Permission Hierarchy.

java.security.Permission.

Permission Sets.

java.security.UnresolvedPermission.

java.io.FilePermission.

java.net.SocketPermission.

java.security.BasicPermission.

java.util.PropertyPermission.

java.lang.RuntimePermission.

java.awt.AWTPermission.

java.net.NetPermission.

java.lang.reflect.ReflectPermission.

java.io.SerializablePermission.

java.security.SecurityPermission.

java.security.AllPermission.

Implications of Permission Implications.

Assigning Permissions.

Positive versus Negative Permissions.

ProtectionDomain.

Securely Loading Classes.

Class Loader Hierarchy.

java.lang.ClassLoader and Delegation.

java.security.SecureClassLoader.

java.net.URLClassLoader.

Classpaths.

java.lang.SecurityManager.

Example Use of the Security Manager.

Unchanged APIs in JDK 1.2.

Deprecated Methods in JDK 1.2.

java.security.AccessController.

Interface Design of AccessController.

The Basic Access Control Algorithm.

Method Inheritance.

Extending the Basic Algorithm with Privileged Operations.

Three Types of Privileged Actions.

The Context of Access Control.

The Full Access Control Algorithm.

SecurityManager versus AccessController.

A Mini-History of Privileged Operations.

Summary and Lessons Learned.



4. Deploying the Security Architecture.

Installing JDK 1.2.

Policy Configuration.

Configuring System-Wide and User-Specific Policies.

Configuring Application-Specific Policies.

Configuring an Alternative Policy Class Implementation.

Default Policy File Format.

Policy File Examples.

Property Expansion in Policy Files.

Digital Certificates.

Helpful Security Tools.

Keystore Databases.

Keytool.

Policy Tool.

Jarsigner.

Code Signing Example.

Managing Security Policies for Nonexperts.



5. Customizing the Security Architecture.

Creating New Permission Types.

Composite Permissions.

Customizing Security Policy.

Migrating JDK 1.1-Based Security Managers.

JDK 1.1 Security Manager Classes.

Accommodating JDK 1.1 Security Managers on JDK 1.2.

Modifying JDK 1.1 Security Managers for JDK 1.2.



6. Object Security.

Security Exceptions.

Fields and Methods.

Static Fields.

Private Object State and Object Immutability.

Privileged Code.

Serialization.

Inner Classes.

Native Methods.

Signing Objects.

Sealing Objects.

Guarding Objects.

Examples of Using GuardedObject.



7. Programming Cryptography.

Design Principles.

Cryptographic Services and Service Providers.

Installing and Adding a Provider.

Cryptography Classes.

java.security.Security.

java.security.Provider.

java.security.MessageDigest.

java.security.Signature.

Algorithm Parameters.

java.security.Key and java.security.spec.KeySpec.

java.security.KeyFactory and java.security.cert.CertificateFactory.

KeyPair and KeyPairGenerator.

java.security.KeyStore.

Randomness and Seed Generators.

java.security.SecureRandom.

Code Examples.

Example 1: Computing a Message Digest.

Example 2: Generating a Public/Private Key Pair.

Example 3: Generating and Verifying Signatures.

Example 4: Reading a File That Contains Certificates.

Standard Names.

Message Digest Algorithms.

Key and Parameter Algorithms.

Digital Signature Algorithms.

Random Number Generation Algorithms.

Certificate Types.

Keystore Types.

Algorithm Specifications.

SHA-1 Message Digest Algorithm.

MD2 Message Digest Algorithm.

MD5 Message Digest Algorithm.

Digital Signature Algorithm.

RSA-Based Signature Algorithms.

DSA KeyPair Generation Algorithm.

RSA KeyPair Generation Algorithm.

DSA Parameter Generation Algorithm.



8. Future Directions.

Security Management.

JDK Feature Enhancement.

Java Authentication and Authorization Service.

Subjects and Principals.

Credentials.

Pluggable and Stacked Authentication.

Callbacks.

Access Control.

JAAS Implementation.

Conclusion.



Bibliography.


Index. 0201310007T04062001

Additional information

GOR004822182
9780201310009
0201310007
Inside Java (TM) 2 Platform Security: Architecture, API Design, and Implementation by Li Gong
Li Gong
Used - Very Good
Paperback
Pearson Education (US)
19990726
288
N/A
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in very good condition, but if you are not entirely satisfied please get in touch with us

Customer Reviews - Inside Java (TM) 2 Platform Security