Preface. How This Book Is Organized.
Acknowledgements.
About the Authors.
Preface to the First Edition. Computer and Network Security Fundamentals. Cryptography versus Computer Security.
Threats and Protection.
Perimeter Defense
Access Control and Security Models.
Using Cryptography.
Authentication.
Mobile Code.
Where Java Technology-Based Security Fits In.
Basic Security for the Java Programming Language. The Java Programming Language and Platform.
Original Basic Security Architecture.
Bytecode Verification and Type Safety.
Signed Applets.
Further Enhancements.
Java 2 Security Architecture. Security Architecture Requirements of Java (TM) 2.
Overview of the Java 2 Security Architecture.
Architecture Summary.
Lessons Learned.
Secure Class Loading. Class Files, Types, and Defining Class Loaders.
Well-Known Class Loader Instances.
Class Loader Hierarchies.
Loading Classes.
SecureClassLoader Details.
URLClassLoader Details.
Class Paths.
Elements of Security Policy. Permissions.
Describing Code.
ProtectionDomain.
Security Policy.
Assigning Permissions.
Dynamic Security Policy.
Enforcing Security Policy. SecurityManager.
AccessControlContext.
DomainCombiner.
AccessController.
Customizing Security Policy. Customizing Security Policy Enforcement.
Customizing Security Policy Decisions.
Customizing the Access Control Context.
Establishing Trust. Digital Certificates.
Establishing Trust with Certification Paths.
Establishing Trust in Signed Code.
User-Centric Authentication and Authorization using JAAS.
Distributed End-Entity Authentication.
Object Security. Security Exceptions.
Fields and Methods.
Static Fields.
Private Object State and Object Immutability.
Privileged Code.
Serialization.
Inner Classes.
Native Methods.
Signing Objects.
Sealing Objects.
Guarding Objects.
Programming Cryptography. Cryptographic Concepts.
Design Principles.
Cryptographic Services and Service Providers.
Core Cryptography Classes.
Additional Cryptography Classes.
Code Examples.
Standard Names.
Algorithm Specifications.
Network Security. Java GSS-API.
JSSE.
Remote Method Invocation.
Deploying the Security Architecture. Installing the Latest Java 2 Platform Software.
The Installation Directory.
Setting System and Security Properties.
Securing the Deployment.
Installing Provider Packages.
Policy Configuration.
JAAS Login Configuration Files.
Security Tools.
Other Platforms and Future Directions. Introduction to Java Card.
Introduction to Java 2 Micro Edition.
Security Enhancements On the Horizon for J2SE.
Brief Introduction To Jini Network Technology.
Brief Introduction to J2EE.
Client Containers.
Final Remarks.
Bibliography. Index. 0201787911T04082003